Re: [PHP] Bogus headers returned by firewalls

2004-03-23 Thread Christophe Chisogne
Pablo Gosse wrote:
> munging up the HTTP_REFERER for a page?

In HTTP, Referer is an OPTIONAL field in the HTTP/1.1 spec
(see RFC 2616). I saw many strange referers
(like 'Empty', 'bookmarks', 'XXX++', 'Removed by YYY', etc.)
sent or modified by security assistants, browsers, spiders...
You can throw away many referers because of this (perhaps 20%).

Some user agents (e.g. browsers) are broken and send bad referers
(some Mozilla, some browsers on Mac did this, from my memory).

Relying on the referer is not the best solution:
- can be faked (using scripts, not std browser, well, ok)
- referer is not mandatory and not reliable
- problem will only rise (privacy concerns are the main reason,
  thousands of companies use systems 'cleaning' the referers)
Hope this helps

Christophe

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[PHP] Bogus headers returned by firewalls

2004-03-22 Thread Pablo Gosse
Hi folks.  Has anyone out there ever had any issues with a user's
personal firewall munging up the HTTP_REFERER for a page?

I've got a mailer script which is accessed from a few domains within our
network of sites, and sometimes users have been getting an error which
informs them the script has been illegally accessed from outside of our
domain.  The error occurs when the string 'unbc.ca' is not found in the
HTTP_REFERER.

However, after adding some checking I've found that for users who
encounter this error when on a valid form, there is no HTTP_REFERER in
the $_SERVER array and instead there is an HTTP_WEFERER:

HTTP_WEFERERNQEMSFDULHPQQWOYIYZUNNYCGPKYLEJGDGVCJVTLBXFGGMEPYOQKED

I've googled this and this was the most informative piece I came up
with:

http://lists.evolt.org/archive/Week-of-Mon-20030901/147671.html

It seems from this post and the links to the norton site within it that
it is the firewall that is munging up the headers and that there is no
way for me to avoid this.

Am I mistaken in thinking this?  Does anyone out there have any
knowledge as to whether this can be dealt with?

Cheers and TIA,

Pablo




Re: [PHP] Bogus headers returned by firewalls

2004-03-22 Thread John W. Holmes
From: Pablo Gosse [EMAIL PROTECTED]

> Hi folks.

Hi.

> Has anyone out there ever had any issues with a user's
> personal firewall munging up the HTTP_REFERER for a page?

Yes. Some firewalls will do this for privacy reasons so you can't tell
where they came from. You can't do anything about it, but the user may be
able to turn the feature on or off (if they have control of the firewall).

---John Holmes...

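
As an added example (not code from anyone in the thread), this PHP sketch compares the substring test described in the original question with a check that parses the Referer host and tells a missing or rewritten header apart from a foreign one. The function name, the result labels, the `HTTP_[A-Z]EFERER` pattern and the sample requests are assumptions constructed for illustration; it requires PHP 8.

```php
<?php
// Added example, not from the thread. Requires PHP 8 (str_ends_with).
// classify_referer() and its result labels are hypothetical names.

function classify_referer(array $server, array $allowedDomains): string
{
    $referer = $server['HTTP_REFERER'] ?? '';
    if ($referer === '') {
        // No Referer at all. Look for a renamed variant such as the
        // HTTP_WEFERER key reported in the thread (assumed heuristic).
        foreach (array_keys($server) as $key) {
            if ($key !== 'HTTP_REFERER' && preg_match('/^HTTP_[A-Z]EFERER$/', $key)) {
                return 'rewritten';
            }
        }
        return 'absent';
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return 'unparseable';   // e.g. 'Empty', 'bookmarks', 'Removed by YYY'
    }
    $host = strtolower($host);
    foreach ($allowedDomains as $domain) {
        // Compare the parsed host, not a substring of the whole URL.
        if ($host === $domain || str_ends_with($host, '.' . $domain)) {
            return 'match';
        }
    }
    return 'mismatch';
}

// Constructed sample requests (values are made up for this example).
$samples = [
    'normal form post'  => ['HTTP_REFERER' => 'http://www.unbc.ca/forms/contact.html'],
    'header rewritten'  => ['HTTP_WEFERER' => 'CONSTRUCTEDVALUE'],
    'header stripped'   => [],
    'placeholder value' => ['HTTP_REFERER' => 'Removed by YYY'],
    'substring only'    => ['HTTP_REFERER' => 'http://other.example/page?ref=unbc.ca'],
];

foreach ($samples as $label => $server) {
    // The check from the original question: is 'unbc.ca' anywhere in the header?
    $old = strpos($server['HTTP_REFERER'] ?? '', 'unbc.ca') !== false ? 'accept' : 'reject';
    printf("%-18s substring check: %-6s classify: %s\n",
        $label, $old, classify_referer($server, ['unbc.ca']));
}
```

Because the header is optional and can be faked, as the replies point out, a `match` result is a hint about where the request came from, not proof.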