Re: [PHP] (new question on this) http referer
On 08-Apr-2004 John Nichel wrote: Joe Szilagyi wrote: Just a follow up on this one--I've seen where consistently that $HTTP_REFERER will only show local referers, but not stuff from other sites/hostnames. This is on mod_php... any workaround for that? Regards, Joe The referrer is sent by the referring machine. If that machine isn't setting it, you can't get it. If memory serves, I think I remember someone claiming that this could also be blocked at a firewall...don't know if that's true or not though. Not a firewall. The 'Referer' is in the headers, that would mean the FW would have to edit the stream (~shudder~). A 'proxy' server on the other hand will re-write headers : mysql select url from urls where url not like 'http%' limit 5; +--+ | url | +--+ | 1.0 TECH002 | | 1.1 wall:800 (squid/2.5.STABLE2) | | 1.0 px2nr (NetCache NetApp/5.5D1)| | 1.0 arnink[D4BB2507] (Traffic-Server/5.2.1-58896 [uSc ]) | | 1.1 ffm2-t6-1.mcbone.net:3228 (Squid/2.1.PATCH1) | +--+ 5 rows in set (0.00 sec) FYI: mysql select count(*) from urls; +--+ | count(*) | +--+ | 261511 | +--+ 1 row in set (0.00 sec) mysql select count(*) from urls where url not like 'http%'; +--+ | count(*) | +--+ |69594 | +--+ 1 row in set (0.38 sec) mysql select 69594/ 261511; +---+ | 69594/ 261511 | +---+ | 0.27 | +---+ 1 row in set (0.00 sec) So 27% of my hits are by proxy (for this site/month anyhow). Regards, -- Don Read [EMAIL PROTECTED] -- It's always darkest before the dawn. So if you are going to steal the neighbor's newspaper, that's the time to do it. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] (new question on this) http referer
Just a follow up on this one--I've seen where consistently that $HTTP_REFERER will only show local referers, but not stuff from other sites/hostnames. This is on mod_php... any workaround for that? Regards, Joe - Original Message - From: John W. Holmes [EMAIL PROTECTED] To: php [EMAIL PROTECTED]; Chris Bruce [EMAIL PROTECTED] Sent: Thursday, April 08, 2004 12:30 PM Subject: Re: [PHP] http referrer From: Chris Bruce [EMAIL PROTECTED] I apologize for my ignorance, but I am trying to find a way to grab the referring url. I can't seem to find the environment variable to do this. Does anyone know how to grab this? $_SERVER['HTTP_REFERER'] print_r($_SERVER) will tell you for sure. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] (new question on this) http referer
On Thursday 08 April 2004 17:31, Joe Szilagyi wrote: Just a follow up on this one--I've seen where consistently that $HTTP_REFERER will only show local referers, but not stuff from other sites/hostnames. This is on mod_php... any workaround for that? Referrer is a function of the browser. If it chooses to not give it to you, you don't get it. Proxomitron, at one point, shipped with a setting that gave the browser as SpaceBison, and the referrer as the URL being visited. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] (new question on this) http referer
* Thus wrote Joe Szilagyi ([EMAIL PROTECTED]): Just a follow up on this one--I've seen where consistently that $HTTP_REFERER will only show local referers, but not stuff from other sites/hostnames. This is on mod_php... any workaround for that? Its up to the web browser to decide if it is going to send the referrer. In most cases, any time a user clicks on a link or loads a file within a page, the referrer is sent, even from other sites. Curt. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] (new question on this) http referer
Joe Szilagyi wrote: Just a follow up on this one--I've seen where consistently that $HTTP_REFERER will only show local referers, but not stuff from other sites/hostnames. This is on mod_php... any workaround for that? Regards, Joe The referrer is sent by the referring machine. If that machine isn't setting it, you can't get it. If memory serves, I think I remember someone claiming that this could also be blocked at a firewall...don't know if that's true or not though. -- *** * _ __ __ __ _ * John Nichel * * | |/ /___ __ \ \/ /__ _ _| |__ ___ __ ___ _ __ * 716.856.9675 * * | ' / -_) _` \ \/\/ / _ \ '_| / /(_-_/ _/ _ \ ' \ * 737 Main St. * * |_|\_\___\__, |\_/\_/\___/_| |_\_\/__(_)__\___/_|_|_|* Suite #150 * * |___/ * Buffalo, NY * * http://www.KegWorks.com[EMAIL PROTECTED] * 14203 - 1321 * *** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] (new question on this) http referer
On Thu, 2004-04-08 at 12:36, Duncan Hill wrote: On Thursday 08 April 2004 17:31, Joe Szilagyi wrote: Just a follow up on this one--I've seen where consistently that $HTTP_REFERER will only show local referers, but not stuff from other sites/hostnames. This is on mod_php... any workaround for that? Referrer is a function of the browser. If it chooses to not give it to you, you don't get it. Proxomitron, at one point, shipped with a setting that gave the browser as SpaceBison, and the referrer as the URL being visited. Opera let's you choose whether to send the referrer or not. it also lets you specify the browser to send so that you can trick some sites that are poorly implemented (or restrictively) to think you are using IE. Cheers, Rob. -- .. | InterJinn Application Framework - http://www.interjinn.com | :: | An application and templating framework for PHP. Boasting | | a powerful, scalable system for accessing system services | | such as forms, properties, sessions, and caches. InterJinn | | also provides an extremely flexible architecture for | | creating re-usable components quickly and easily. | `' -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] (new question on this) http referer
snip The referrer is sent by the referring machine. If that machine isn't setting it, you can't get it. If memory serves, I think I remember someone claiming that this could also be blocked at a firewall...don't know if that's true or not though. /snip Yup, certain firewalls either mangle the HTTP_REFERER such that it appears it was sent by Elmer Fudd, showing up as HTTP_WEFERER, and others just eliminate it altogether. At any rate, if you're relying on HTTP_REFERER to make sure a script is being called from a certain location, I don't think it's very reliable. Does anyone have any ideas as to a workaround for this? Cheers, Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] (new question on this) http referer
Richard Davey wrote: Hello Robert, Thursday, April 8, 2004, 7:13:27 PM, you wrote: RC Aaah ok. That makes more sense to me :) Sorry was confused by the use of RC the word redirect. Thought you were redirecting the user to an alternate RC script with the reposted data. I'm not sure I understand how this is RC more secure since isn't the data as valid as the first time it was RC posted? It's not about the validity of data, that is handled by the receiving script - it's about knowing for sure WHERE that form data came from in the first place. For example it would stop something along the lines of a user downloading your form, modifying some values and then posting it from their local box. It could also stop another web-site automatically posting data to your forms should they mask the referer value. How would your process stop them? If Script A doesn't know where the data is coming from, how could Script B know where it's coming from? Sure, Script B knows it's receiving data from Script A, but the data could have come from anywhere before that. Script A just resends it anyhow without any checks. Sure, no one can call Script B directly, but they don't have to when Script A just sends the data, anyhow. :) -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php