Validating user referring host

  • Mark F

    Validating user referring host

    What is the best way to ensure that a user who is entering your application
    can only come to it through a particular server. We were using a tomcat
    filter to check the refer string, parsing out the hostname, but that does
    not seem to be reliable.

    Your suggestions and comments are appreciated.

    -Mark




  • Jonas Kongslund

    #2
    Re: Validating user referring host

    Mark F wrote:
    > What is the best way to ensure that a user who is entering your
    > application can only come to it through a particular server.

    Please elaborate on this. I'm not quite sure I understand your question.
    > We were using a tomcat
    > filter to check the refer string, parsing out the hostname, but that does
    > not seem to be reliable.

    Indeed, that is not very reliable. Anybody can fake the referer header and
    clients are not obligated to send it at all.

    See section 10.34 of the HTTP/1.1 specification:
    <http://www.w3.org/Protocols/HTTP/1.1/spec.html#Referer>

    --
    Jonas Kongslund
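
An added example, not part of either post and not the original poster's filter: the hostname check the thread describes, written so that a missing, malformed, or look-alike Referer value is each handled explicitly. The names `RefererCheck` and `classify`, the host `portal.example.com`, and the sample header values are constructed assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class RefererCheck {
    enum Result { ABSENT, MALFORMED, MISMATCH, MATCH }

    // Classify a Referer header value against the single expected host.
    static Result classify(String referer, String expectedHost) {
        if (referer == null || referer.trim().isEmpty()) {
            return Result.ABSENT;      // clients are not obligated to send the header
        }
        final URI uri;
        try {
            uri = new URI(referer.trim());
        } catch (URISyntaxException e) {
            return Result.MALFORMED;
        }
        String host = uri.getHost();   // null for relative or opaque URIs
        if (host == null) {
            return Result.MALFORMED;
        }
        // Exact, case-insensitive comparison of the parsed host. Substring or
        // suffix matching would accept hosts that merely contain the name.
        return host.equalsIgnoreCase(expectedHost) ? Result.MATCH : Result.MISMATCH;
    }

    public static void main(String[] args) {
        String expected = "portal.example.com";   // hypothetical referring server
        String[] samples = {                      // constructed header values
            "https://portal.example.com/launch",
            null,
            "https://portal.example.com.other.example/launch",
            "https://other.example/?next=portal.example.com",
            "not a url",
        };
        for (String s : samples) {
            System.out.println(classify(s, expected) + "  <-  " + s);
        }
        // MATCH reports only what the client chose to send. Any client can
        // send the first sample value, so the result is a hint for logging,
        // not proof that the user arrived through the expected server.
    }
}
```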
