|
Home > Archive > Apache Server configuration support > January 2004 > referer question, need help
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
referer question, need help
|
|
| didier 2004-01-24, 7:33 am |
| Hi,
I've files available for download that are accessible via a link from
another webserver.
This webserver uses some php code to link to the dowload files, the link
looks like this one:
http://othersite/modules.php?name=D...=getit&lid=4#dl
which actually returns the exact download link to the client. This is used
because we want to hide our direct
download links to external sites. External sites should not be able to steal
the url.
Now the problem, sometimes the referer is not sent! The log files do shows
any empty (non-existent) referer from some clients?!
Apart from this reason: the user enters the url directly in the browser (or
bookmark) to download file.
1) How is it possible that the referer is not transmitted, is this normally
a client side or server side problem
2) How can you inverstigate such a problem, where or what should I start to
check?
The apache server has only a few modules compiled, may be a missing module,
could this be the problem?
many thanks
| |
| Davide Bianchi 2004-01-24, 7:33 pm |
| didier <NOSPAM@nospam.org> wrote:quote:
> 1) How is it possible that the referer is not transmitted, is this normally
> a client side or server side problem
The client told the browser to not send referer, it's a proxy, it's
a tool that doesn't send that information.
Davide
--
| AFAIR, being insane is usually a pre-requisite for becoming a
| sysadmin. In the few cases where it's not pre-requisite, it's
| certainly going to be a bonus. --SIggi the Underpaid
|
|
|
| |
| Richard Antony Burton 2004-01-25, 5:33 am |
|
"Davide Bianchi" <davideyeahsure@onlyforfun.net> wrote in message
news:buvu92$m7fmk$8@ID-18487.news.uni-berlin.de...
quote:
> The client told the browser to not send referer, it's a proxy, it's
> a tool that doesn't send that information.
Some privacy programs, including some Norton products, prevent referer
headers being sent. Some download tools are passed the URL of the file by
the browser, and do not have the referer information to send with the
request.
You should not consider blocking downloads without a refere, else you will
upset plenty of legitimate users.
You really shouldn't use the referer header for this purpose, it really
isn't up to the job. They are easily faked, and are optional to start with.
Plusthis method you have of hiding the url, really doesn't do that. Anyone
looking to steal the real url to link to would require about 10 seconds more
effort than if you just linked to it directly.
If you put it on a public server, it is public. If you don't want it to be
public you need to use a proper authentication method (e.g. username &
password).
Richard.
|
|
|
|
|