Forum Discussion
4 Replies
- hooleylist (Cirrostratus): Hi,
when HTTP_REQUEST { log local0. "Referer: [HTTP::header value Referer]" }
- hooleylist (Cirrostratus): The referer header (and any other HTTP header) can easily be modified by a user. Browser plugins like Firefox's Tamper Data or interception proxies make it very simple to manipulate header values. You might want to reconsider using the referer header value for anything other than reporting purposes. Does the application set a cookie with a session ID, or is there some other way to differentiate users who have logged into the application from those that are accessing the pages directly without having logged in? If so, you might be better off using that as a key for access control.
- vrajan_97076 (Nimbostratus): Sorry, but I'm new to this, just to confirm if this will work?
- The only problem I see is the embedded quotes in your string. You can either escape them with backslashes "...\"..." or use single quotes, which will work with JavaScript as well. You can also simplify it a bit to eliminate the else clause though.
when HTTP_REQUEST { if { ! ([string tolower [HTTP::header value Referer]] contains "abc.def.com") } { HTTP::respond 200 content " " } }
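
The session-based access check suggested earlier in the thread, as an added example that is not part of any poster's reply and is not iRule code: a Python model comparing the thread's Referer substring test with validation of an HMAC-signed session cookie. The cookie name `session`, the key, the session IDs and both sample requests are constructed assumptions.

```python
import hashlib
import hmac

# Constructed values for illustration only; none come from the thread.
SECRET = b"constructed-demo-key"   # server-side key, never sent to clients
TRUSTED_HOST = "abc.def.com"       # hostname used in the thread's iRule


def referer_allows(headers):
    """Mirror of the iRule test: lower-cased Referer contains the hostname."""
    return TRUSTED_HOST in headers.get("Referer", "").lower()


def issue_session_cookie(session_id):
    """Issued by the application after login: '<id>.<HMAC-SHA256 of id>'."""
    tag = hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()
    return f"{session_id}.{tag}"


def cookie_allows(headers, active_sessions):
    """Allow only a cookie with a valid tag whose id is still a live session."""
    cookies = {}
    for part in headers.get("Cookie", "").split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            cookies[name] = value
    session_id, sep, tag = cookies.get("session", "").rpartition(".")
    if not sep or not session_id:
        return False
    expected = hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how much of the tag matched.
    tag_ok = hmac.compare_digest(tag.encode(), expected.encode())
    return tag_ok and session_id in active_sessions


# Constructed requests: the client chooses every header value it sends.
ACTIVE = {"s-1001"}
logged_in = {"Cookie": "session=" + issue_session_cookie("s-1001")}
no_login = {"Referer": "http://abc.def.com/login", "Cookie": "session=s-1001.00"}

if __name__ == "__main__":
    for label, req in (("logged in", logged_in), ("no login", no_login)):
        print(label, "referer:", referer_allows(req),
              "cookie:", cookie_allows(req, ACTIVE))
```

The Referer test depends only on a value the client supplies, while the cookie test depends on a tag computed with a key the client never sees and on server-side session state.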