Home > IT Answers > Development > Getting Referring URL information
Help

Question

Asked:
Asked By:
Sep 1 2005   3:26 PM GMT
Pearl52   0 pts.

Getting Referring URL information


HTML, Web site design & management, VBScript, ASP

We have a website which validates users by making sure that they come through a link from the company's secure site. This is done by checking the Refering URL. This works most of the time but for some users we are getting a blank Referring URL, although they are coming through the valid link. Any suggestions as to what could be causing that. Does some firewall setting, or other software installed on clients machine may cause not to pass the referring URL correctly?

Thanks in advance for your input.

Subscribe to Alerts! Get questions and answers delivered to your Inbox.


E-mail me updates on this question



   SUBSCRIBE

hidden modal window
Help

Answer Wiki (Improve, edit or add to this answer)

IMPROVE THIS ANSWER
View History
 RATE THIS ANSWER
0
Click to Vote:
  •   0
  •  0
Last Answered: Sep 2 2005  7:39 AM GMT  by jstew65   0 pts.




What type of web server are you guys using? Also, what type of development platform (asp, php, jsp, etc) are you using as well?

Harlin Seritt
Internet Villa: www.seritt.org
  • AddThis Social Bookmark Button

Browse more Questions and Answers on Development.

Looking for relevant Development Whitepapers? Visit the SearchWinDevelopment.com Research Library.


RSS - Discussions Help

Discuss This Answer


You must be logged-in to discuss a question. Log-in/Register

TimG123   0 pts.  |   Sep 2 2005  8:47AM GMT

This is usually caused by the user having some type of antivirus software installed on their machine such as Norton Internet Security. There is a setting to block the referring URL.

Unless you are able to control the user’s desktop, you cannot rely on the referring URL since you cannot guarantee that it will be populated. If your application is accessible by the general public then you will need to use another method to get the information that you need rather than the referring url for example using the query string.

 

amigus   0 pts.  |   Sep 2 2005  2:12PM GMT

As pointed out in a previous post AV software will often remove the referring URL from the request and in addition just as software can remove the referring URL it can also change it or create it making this method of authentication *very* insecure. If this site protects anything meaningful I strongly suggest you adopt another method of verification.