HTTP_REFERER

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I can access most of the environment variables, but for some reason I cannot access the HTTP_REFERER environment variable. Is it possible that some of these environment variables are locked out by the server? Here is the very simple test script:

#!/usr/bin/perl
print ("Content-type: text/html\n\n");
print "<HTML><HEAD><TITLE>Environment Variables</TITLE></HEAD><BODY>";
print "<p><b>$ENV{'HTTP_USER_AGENT'} $ENV{'HTTP_REFERER'}</b></p>";
print "</BODY></HTML>";
open(FILE,">>testdata");
print FILE "\nHere";
close (FILE);
[download]

The HTTP_USER_AGENT is displayed but not the REFERER. Thanks in advance.

Comment on HTTP_REFERER Download Code

Replies are listed 'Best First'.
Re: HTTP_REFERER by merlyn (Sage) on Aug 15, 2000 at 23:56 UTC
It's probably a good thing you can't access it. {grin} REFERER is not to be trusted. Fine to use it as a hint. Fine to log it. But do not do anything with it other than look at it. Some security firewalls strip it routinely Some browsers send incorrect values It's trivial to forge If you find yourself uttering "control" or "security" or "verify" in the same sentence as REFERER, please stop yourself now. Don't make me come over there! {grin} -- Randal L. Schwartz, Perl hacker	[reply]
RE: Re: HTTP_REFERER by Anonymous Monk on Aug 16, 2000 at 09:52 UTC
I am not using this for any security measures and am aware of the risks involved. I am only using the script to get a rough idea of where people who come to a site (low hit count) are entering from. I view the file every once and awhile. I was also testing the concept of a web bug. Those annoying pixel sized images that some companies are using to get data on a user. The concept is very simple and my script helped me learn how it is done. Thanks for the help and concern for others privacy.	[reply]
Re: HTTP_REFERER by turnstep (Parson) on Aug 15, 2000 at 23:27 UTC
Do this for a quick list of what is and is not there: `print "<UL>\n"; for (sort keys %ENV) { print "<LI>$_ <STRONG>$ENV{$_}</STRONG>\n"; } print "</UL>\n";` [download] Be aware that this can be easily changed/faked, and that some browsers do not send anything at all (which could be what is happening here)	[reply] [d/l]
RE: HTTP_REFERER by steveAZ98 (Monk) on Aug 15, 2000 at 23:55 UTC
It's also possible that there was no referer. If the first page accessed after the browser was opened was your script then their will not be a referer.	[reply]