Results 1 to 3 of 3

Thread: http_referrer

  1. #1
    Join Date
    Dec 1969

    Default http_referrer

    I thought I could use:<BR><BR>if request.servervariables("HTTP_REFERRER") &#060;&#062; "registration.asp" then<BR><BR>response.write "direct access not allowed"<BR><BR>end if<BR><BR>but it seems not...I think its because I need a full path including protocol for that server var? Is there a way I can do this?<BR><BR>It is because my registration.asp or submit_registration.asp are not password protected for obvious reasons, I want to stop the submit_registration.asp page processing if it somehow gets loaded without coming from the registration page?

  2. #2
    Join Date
    Dec 1969
    Los Angeles, CA

    Default instr <eop>


  3. #3
    Join Date
    Dec 1969

    Default Well, yes, but...

    ...the problem with that:<BR><BR>You are looking for the request to come from (say):<BR><BR><BR>And somebody "spoofs" your site with<BR><BR><BR>And you do an<BR> IF INSTR( 1, referer, "registration.asp", vbTextCompare ) &#062; 0 Then<BR>and that hacker site is happily accepted.<BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts