Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Mighty monk, how can I do this?

# Check that this page is directed from a valid location.
$referer = $ENV{'HTTP_REFERER'};
print $query->redirect('/cgi-bin/errorpage.cgi') if ($referer eq "");

If the user wants to go to the Mainpage.cgi, they have to be coming from the a.cgi and b.cgi page, not from any other page or just from a blank page. If they are not from these valid pages, they will be redirected to the errorpage.cgi. So how can I enhance the above code, since it already will redirect the user to the errorpage if they are from a blank page? Thank you for all your help.

Replies are listed 'Best First'.
Re: how to use this -- HTTP_REFERER
by larryk (Friar) on Jul 18, 2001 at 12:38 UTC
    Your code is fine, the condition can be easily written as...
    $referer = $ENV{'HTTP_REFERER'};
    my @valid_referers = (
        'http://www.yoursite.com/cgi-bin/a.cgi',
        'http://www.yoursite.com/cgi-bin/b.cgi'
    );
    print $query->redirect('/cgi-bin/errorpage.cgi')
        unless ( grep $_ eq $referer, @valid_referers );
    ...which basically goes through the list of valid referers and checks if the one you just got is in it.

    Hope this helps

    "Argument is futile - you will be ignorralated!"

Re: how to use this -- HTTP_REFERER
by shotgunefx (Parson) on Jul 18, 2001 at 12:51 UTC
    Hopefully you're not doing this to protect a document. The HTTP_REFERER header is incredibly easy to fake. The other problem is that not all browsers will supply it.

    -Lee

    "To be civilized is to deny one's nature."
Re: how to use this -- HTTP_REFERER
by MZSanford (Curate) on Jul 18, 2001 at 12:51 UTC
    There is no doubt that the approach you have works, but just thinking about it from a large-system scalability standpoint, hard coding the URLs is probably a bad idea. I would stick with the approach, but maybe put an array or hash somewhere in a central module (or require'd file) which contains the information. That way additions can be made by the non-Monk.
    OH, a sarcasm detector, that’s really useful
Re: how to use this -- HTTP_REFERER
by rrwo (Friar) on Jul 19, 2001 at 01:42 UTC

    It can work, but it's not reliable. Some browsers can block the referrer for privacy reasons.

    Is there any reason why a user has to come to Mainpage.cgi from a.cgi or b.cgi? If it's because mainpage.cgi requires special CGI parameters, then perhaps you should fix mainpage.cgi to check input parameters and return an error if they are invalid.

    You may consider another method: if you're saving state on the server and exchanging some kind of nonce or cookie, then perhaps log where the user was last and have mainpage.cgi check that.
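
One way to implement the nonce/cookie idea from the last reply, as an added example that is not part of the original thread: a.cgi and b.cgi hand out an HMAC-signed token naming the issuing page, and Mainpage.cgi verifies that token instead of trusting HTTP_REFERER. The secret, the five-minute lifetime, and the helper names `issue_token`, `ct_eq` and `verify_token` are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumptions: demo secret (load from protected config in real use) and lifetime.
my $SECRET  = 'constructed-demo-secret-change-me';
my $MAX_AGE = 300;                                # seconds a token stays valid
my %VALID   = map { $_ => 1 } qw(a.cgi b.cgi);    # pages allowed to lead to Mainpage.cgi

# Called by a.cgi / b.cgi: returns "page:timestamp:mac" for a hidden field or cookie.
sub issue_token {
    my ($page, $now) = @_;
    $now = time unless defined $now;
    return join ':', $page, $now, hmac_sha256_hex("$page:$now", $SECRET);
}

# Compare two strings without an early exit, so timing does not reveal a partial match.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Called by Mainpage.cgi: true only for an unexpired token issued by a valid page.
sub verify_token {
    my ($token, $now) = @_;
    $now = time unless defined $now;
    return 0 unless defined $token
        && $token =~ /\A([\w.]+):(\d+):([0-9a-f]{64})\z/;
    my ($page, $ts, $mac) = ($1, $2, $3);
    return 0 unless $VALID{$page};                       # issuer must be a.cgi or b.cgi
    return 0 if $ts > $now || $now - $ts > $MAX_AGE;     # future-dated or expired
    return ct_eq($mac, hmac_sha256_hex("$page:$ts", $SECRET));
}

# Constructed sample run with a fixed clock so the results are repeatable.
my $t0   = 1_000_000;
my $good = issue_token('a.cgi', $t0);
(my $edited = $good) =~ s/^a\.cgi/b.cgi/;    # page name changed, MAC left as issued
printf "%-28s %s\n", $_->[0], ($_->[1] ? 'accept' : 'redirect to errorpage.cgi') for (
    [ 'fresh token from a.cgi',  verify_token($good, $t0 + 10) ],
    [ 'same token after expiry', verify_token($good, $t0 + $MAX_AGE + 1) ],
    [ 'page name edited',        verify_token($edited, $t0 + 10) ],
    [ 'token from other.cgi',    verify_token(issue_token('other.cgi', $t0), $t0 + 10) ],
    [ 'no token at all',         verify_token(undef, $t0 + 10) ],
);
```

The token only shows that a.cgi or b.cgi issued it recently; including a server-side session identifier in the MAC input would additionally tie it to one user.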