Is it possible to allow access to a page dependent on the reffering URL. IE I would like to allow access to a page ONLY if the visitor came from someplace.html
Any help
NoodlesSet a session variable in the page they have come from and then on the page they are going to make sure the session variable is the same as what you set it to.Would you like to elaborate Ashley? This ain't my strong point - cookies etc! Thanks for the replySure,
Session variables can be set using ASP (and probably in other languages but I don't know how).
A session variable is different to a cookie in that they only remain for a certain amount of time. If you leave your PC for any amount of inactive time the session variable will cease. In this respect they are more secure than cookies.
So, for example, on the first page your visitors go to you can set the session variable to anything you like
E.g. session("checkid") = "letmein"
Here we have set the session variable named "checked" to the value "letmein".
Now when visitors go to the next page you can then use
if session("checkid") ="letmein" then
let them view the page
else
don't let them view the page
end if
Hope this helps a bit.I know you can do this server side, with PERL, PHP, or ASP (as the above post explains), and probably client side with JAVAscript.
Which scripting language are you most likely to use?
Regards,
KevinAdd this line to your script:
@referers = ('domain.com');
and then this script I came up with quickly
if ($ENV{'HTTP_REFERER'}) {
foreach $referer (@referers) {
if ($ENV{'HTTP_REFERER'} =~ m|https?://([^/]*)$referer|i) {
$check_referer = 1;
last;
}
}
}
else {
$check_referer = 1;
}
# If the HTTP_REFERER was invalid, send back an error.
if ($check_referer != 1) { &error('bad_referer') }
}
Then add this sub:
sub error {
# Localize variables and assign subroutine input. #
local($error,@error_fields) = @_;
if ($error eq 'bad_referer') {
if ($ENV{'HTTP_REFERER'} =~ m|^https?://([\w\.]+)|i) {
$host = $1;
print <<"(END ERROR HTML)";
Content-type: text/html
<html>
<head>
<title>Bad Referrer - Access Denied</title>
</head>
<body bgcolor=#FFFFFF text=#000000>
<center>
<table border=0 width=600 bgcolor=#9C9C9C>
<tr><th><font size=+2>Bad Referrer - Access Denied</font></th></tr>
</table>
<table border=0 width=600 bgcolor=#CFCFCF>
<tr><td>Not Allowed<tt>$ENV{'HTTP_REFERER'}</tt>
</td></tr>
</table>
</center>
</body>
</html>
(END ERROR HTML)
}
I am a total newbie so this might not work.
Good Luck,
PaulI believe using $ENV{'REMOTE_ADDR'} will return the page the the script was accessed from, $ENV{'HTTP_REFERER'} returns the domain name.
If the name of the refering html page stays the same you can just check for that:
if ($ENV{'REMOTE_ADDR'} eq "http://www.yourdomain.com/someplace.html") {
$entry = 1;
&enter_script;
}
if ($entry != 1) {
&do_your_error_routine;
}
Regards,
KevinThanks for all your replies. I would have liked to do it using php but will try adding the code you have all suggested and see what works best.
Thanks again
Stay Happy
NoodlesThanks Kevin,
Like I said I am a total newbie at this so I wasn't sure if that would work.
Thanks,
PaulIf you're going to be using php, check if it allows for session variables like ASP does. If not, PHP is similar enough to PERL that the other examples might just work with a little modification.
Regads,
KevinHi Paul,
Your exapmle looks like a typical valid referer routine (looks like Matt Wrights coding). Its a great tool to prevent unauthorized access to perl scripts from another website or from a persons personal computer.
Regards,
Kevin
Any help
NoodlesSet a session variable in the page they have come from and then on the page they are going to make sure the session variable is the same as what you set it to.Would you like to elaborate Ashley? This ain't my strong point - cookies etc! Thanks for the replySure,
Session variables can be set using ASP (and probably in other languages but I don't know how).
A session variable is different to a cookie in that they only remain for a certain amount of time. If you leave your PC for any amount of inactive time the session variable will cease. In this respect they are more secure than cookies.
So, for example, on the first page your visitors go to you can set the session variable to anything you like
E.g. session("checkid") = "letmein"
Here we have set the session variable named "checked" to the value "letmein".
Now when visitors go to the next page you can then use
if session("checkid") ="letmein" then
let them view the page
else
don't let them view the page
end if
Hope this helps a bit.I know you can do this server side, with PERL, PHP, or ASP (as the above post explains), and probably client side with JAVAscript.
Which scripting language are you most likely to use?
Regards,
KevinAdd this line to your script:
@referers = ('domain.com');
and then this script I came up with quickly
if ($ENV{'HTTP_REFERER'}) {
foreach $referer (@referers) {
if ($ENV{'HTTP_REFERER'} =~ m|https?://([^/]*)$referer|i) {
$check_referer = 1;
last;
}
}
}
else {
$check_referer = 1;
}
# If the HTTP_REFERER was invalid, send back an error.
if ($check_referer != 1) { &error('bad_referer') }
}
Then add this sub:
sub error {
# Localize variables and assign subroutine input. #
local($error,@error_fields) = @_;
if ($error eq 'bad_referer') {
if ($ENV{'HTTP_REFERER'} =~ m|^https?://([\w\.]+)|i) {
$host = $1;
print <<"(END ERROR HTML)";
Content-type: text/html
<html>
<head>
<title>Bad Referrer - Access Denied</title>
</head>
<body bgcolor=#FFFFFF text=#000000>
<center>
<table border=0 width=600 bgcolor=#9C9C9C>
<tr><th><font size=+2>Bad Referrer - Access Denied</font></th></tr>
</table>
<table border=0 width=600 bgcolor=#CFCFCF>
<tr><td>Not Allowed<tt>$ENV{'HTTP_REFERER'}</tt>
</td></tr>
</table>
</center>
</body>
</html>
(END ERROR HTML)
}
I am a total newbie so this might not work.
Good Luck,
PaulI believe using $ENV{'REMOTE_ADDR'} will return the page the the script was accessed from, $ENV{'HTTP_REFERER'} returns the domain name.
If the name of the refering html page stays the same you can just check for that:
if ($ENV{'REMOTE_ADDR'} eq "http://www.yourdomain.com/someplace.html") {
$entry = 1;
&enter_script;
}
if ($entry != 1) {
&do_your_error_routine;
}
Regards,
KevinThanks for all your replies. I would have liked to do it using php but will try adding the code you have all suggested and see what works best.
Thanks again
Stay Happy
NoodlesThanks Kevin,
Like I said I am a total newbie at this so I wasn't sure if that would work.
Thanks,
PaulIf you're going to be using php, check if it allows for session variables like ASP does. If not, PHP is similar enough to PERL that the other examples might just work with a little modification.
Regads,
KevinHi Paul,
Your exapmle looks like a typical valid referer routine (looks like Matt Wrights coding). Its a great tool to prevent unauthorized access to perl scripts from another website or from a persons personal computer.
Regards,
Kevin