This is part of The Pile, a partial archive of some open source mailing lists and newsgroups.
To: Stef Telford <stef@Chronozon.dyndns.org>
From: Balazs Rauznitz <balazs@commissioner.com>
Subject: Re: HTTP_REFERRER and Mod_perl
Date: Mon, 15 Jan 2001 13:05:35 -0500 (EST)
On Mon, 15 Jan 2001, Stef Telford wrote:
> hello,
> okay, this may be a silly configuration problem, but I would
> really like to know if its jst me with this problem. if it is, then i
> dont mind
> being hit around the hit and pointed to the appropiate place for further
> reading.
>
> I have setup Apache (1.3.14) to use mod_perl for all the
> perl scripts (.pl) on the webroot. Everything is working great, I have
> written my own authentication procedures against postgreSQL 7 and
> have also used the Apache::DBI. Thats not the problem.
>
> The problems arise when i try to use HTTP_REFERRER from
> the $ENV enviroment. All the other variables are set jst fine
> (HTTP_HOST,
> HTTP_ACCEPT, HTTPS) but no HTTP_REFERRER. What am I doing
> wrong to not 'obtain' this variable. it never shows up in the $ENV list.
> Is this an oversight of mod_perl (v1.24).
>
> I need this to stop people from typing in URLS or jumping to
> a location from a bookmark. If i cant do it this way, then I guess I
> will
> have to use the MD5 encrypted url checksum and do it that way.
You spell too well. Try HTTP_REFERER.
===
To: siberian <siberian@siberian.org>
From: "Stef Telford" <stef@Chronozon.dyndns.org>
Subject: Re: HTTP_REFERRER and Mod_perl
Date: Mon, 15 Jan 2001 14:17:18 -0500 (EST)
John wrote:
> I think your mispelling :
>
> HTTP_REFERER , not HTTP_REFERRER
>
> When in doubt run a check on your %ENV hash
>
> foreach( keys %ENV ) {
> print "$_ = $ENV{ $_ }\n" ;
> }
>
you know.. thats the funny thing. I DO that. i have
changed the spelling of HTTP_REFERRER to HTTP_REFERER
but still i dont get this showing up in mod_perl. is this set via
another Apache module perhaps ? Is it okay to have the
mod_perl handle all the .pl files instead of mod_cgi ?
here is the $ENV sorted alphabetical, as you can see.
no HTTP_REFERER of any sort. frankly i am a bit stumped
by this.
----
GATEWAY_INTERFACE="CGI-Perl/1.1"
HTTPS="on"
HTTP_ACCEPT="image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
image/png, */*"
HTTP_ACCEPT_CHARSET="iso-8859-1,*,utf-8"
HTTP_ACCEPT_ENCODING="gzip"
HTTP_ACCEPT_LANGUAGE="en"
HTTP_CONNECTION="Keep-Alive"
HTTP_COOKIE="sessionid=NMqr%2Fl6Rilxfo;"
HTTP_HOST="chronozon.dyndns.org"
HTTP_PRAGMA="no-cache"
HTTP_USER_AGENT="Mozilla/4.75 [en] (X11; U; FreeBSD 4.2-RELEASE i386;
Nav)"
MOD_PERL="mod_perl/1.24"
===
To: Stef Telford <stef@Chronozon.dyndns.org>
From: siberian <siberian@siberian.org>
Subject: Re: HTTP_REFERRER and Mod_perl
Date: Mon, 15 Jan 2001 11:15:53 -0800 (PST)
Are you hitting the page directly? If so then you will not get a referer.
You have to link to it from another page in order for that variable to be
set. If the page is the first to load in the browser there is no referring
page.
===
To: siberian <siberian@siberian.org>
From: "Stef Telford" <stef@Chronozon.dyndns.org>
Subject: Re: HTTP_REFERRER and Mod_perl
Date: Mon, 15 Jan 2001 14:36:10 -0500 (EST)
John wrote:
> Are you hitting the page directly? If so then you will not get a
referer.
> You have to link to it from another page in order for that variable to
be
> set. If the page is the first to load in the browser there is no
referring
> page.
> Just a thought!
no, thank you. it was a good question and it got me thinking.
I use the meta tags to push the person through the custom
authentication process. The thing that i notice is that all
the pages that are 'during' and the first one thereafter
(the main menu as it is) dont have this set.
When i link, they do. So i guess the moral of the story here
is that meta tag redirects DONT set the REFERER variable
at all.
which is good to know, but requires a bit of a hefty rewrite
on my end, and lots of checking the request_uri. Whelp.
thank you everyone. i cant believe it was that obvious,
but at least i will(should) have it working shortly.
===
To: "'Stef Telford'" <stef@Chronozon.dyndns.org>,
From: "Khachaturov, Vassilii"
<Vassilii.Khachaturov@comverse-in.com>
Subject: RE: HTTP_REFERRER and Mod_perl
Date: Mon, 15 Jan 2001 14:45:47 -0500
Please keep in mind that what you describe is a behaviour of one particular
user agent.
Some UAs just never send referer for anonymity. (Sometimes proxy will do
that for them). Some do it for links from a web page, but not from a file://
URL. Some don't care for the URI scheme, and you get referer's from one's
bookmarks on the disk.
So, I think, the moral of the story is that basing your site logic on smth
that requires particular way of referer tracking is not the best option. You
probably want to use some means of session control if you want to make it
more standard/portable (there are many ways of doing it - discussed lots of
times around here). I agree, however, that if you are aiming at some local
community and you are pretty sure about their least common denominator of
referer-sending behaviour, the CPU wasted at your server will be less if you
check the referer.
I personally use referer only for xrefs validation/stats purposes.
===
To: modperl@apache.org
From: "Keith G. Murphy" <keithmur@mindspring.com>
Subject: Re: HTTP_REFERRER and Mod_perl
Date: Tue, 16 Jan 2001 11:12:43 -0600
"Khachaturov, Vassilii" wrote:
>
> Please keep in mind that what you describe is a behaviour of one particular
> user agent.
> Some UAs just never send referer for anonymity. (Sometimes proxy will do
> that for them). Some do it for links from a web page, but not from a file://
> URL. Some don't care for the URI scheme, and you get referer's from one's
> bookmarks on the disk.
>
Another example:
Just noticed the other day that NS6 won't send a referer if the user
does "open in a new window" when right-clicking a link to a script.
Gack. Though I would consider that a bug.
===