Deb wrote:
The following errors were found:
Sorry, but I cannot figure out who sent you here. Your browser is not
sending an HTTP_REFERER. Please use the back button to correct these
errors.

Paul added:
Just did the same tests (test/333-333-3333 & the puterbug/333-333-3333)
and it worked. The next thing would be that your host does not allow
forms to be submitted unless it knows who is sending the data; this
issue is resolved by testing/(logging?) the HTTP_REFERER header. Headers
are sent BY the browser TO the server. So logically speaking, if the
server is not getting the header, this should mean that the browser is
not sending it. What browser are you using? Did you tweak it recently?
Can you try with another browser on your machine?

And David suggested:
I think you'll most likely find that your formmail.php script will have
something in it which tries to get the HTTP_REFERER.  It's not a great
approach for a form handler to do that, since sometimes browsers won't
send the HTTP_REFERER (even if they have submitted the form to get
there, and not gone directly).  A much better approach is to just log
every request which didn't have a referrer, but let it continue anyway.

Tim sez:
The HTTP_REFERER (I shudder at the spelling) is usually used to
determine where the browser is coming from when it submits information -
in other words, checking it can help prevent someone pulling down your
page's source, changing a few values, and submitting it in an attempt to
hack your site; the HTTP_REFERER would point to whatever server they
were submitting the page from, instead of your webserver.  I've been
working on a secure extranet and this is one method of hack prevention
(you always want the HTTP_REFERER to be YOUR server, nothing else).
Unfortunately, the CGI or ASP doesn't always get the HTTP_REFERER back
from the browser...some browsers don't send it, sometimes it gets
stripped in transmission, and if the browser was opened cleanly to your
page (no prior pages) it simply won't be there.  It's not considered
stable enough to use as a major security plug, it's just sort of an
extra thing you can check.  David's idea is probably the best - check it
and log attempts that don't have it or where it's incorrect.  In fact, I
like that idea a lot...I've been pondering exactly what to do myself.
Thanks, David!  :-)

So *many* things in web development *almost* work.  It's like building a
house in the middle of a river.  :-)

Tim
___________________________ 
Tim Furry
Web Developer 
Foulston Siefkin LLP 
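
An added example (not part of the thread and not the poster's formmail.php): the check-and-log approach discussed in this message, written against a CGI/WSGI-style environ in which the header arrives as HTTP_REFERER. The hostnames, logger name and function names are assumptions made for illustration.

```python
import logging
from urllib.parse import urlsplit

log = logging.getLogger("formmail.referer")  # hypothetical logger name

# Constructed value: replace with the hostnames your own form is served from.
ALLOWED_HOSTS = {"www.example.com", "example.com"}


def classify_referer(environ, allowed_hosts=ALLOWED_HOSTS):
    """Return 'missing', 'malformed', 'same-site' or 'foreign'."""
    raw = environ.get("HTTP_REFERER", "").strip()
    if not raw:
        return "missing"  # header not sent, stripped in transit, or direct visit
    try:
        parts = urlsplit(raw)
        host = parts.hostname  # userinfo and port removed, lowercased
    except ValueError:
        return "malformed"
    if parts.scheme not in ("http", "https") or not host:
        return "malformed"
    # Exact host match: a substring test would accept www.example.com.other.test
    return "same-site" if host in allowed_hosts else "foreign"


def safe_for_log(value, limit=200):
    """Escape CR/LF and other control characters so the header cannot forge log lines."""
    return value[:limit].encode("unicode_escape").decode("ascii")


def handle_submission(environ):
    """Log anything other than a same-site referrer, then let the request continue."""
    verdict = classify_referer(environ)
    if verdict != "same-site":
        log.warning(
            "form post with %s referer: %r from %s",
            verdict,
            safe_for_log(environ.get("HTTP_REFERER", "")),
            environ.get("REMOTE_ADDR", "-"),
        )
    return {"accepted": True, "verdict": verdict}
```

The header is client-supplied, so the verdict is a logging signal only and the form is processed either way.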