Spotmau BootCD - Boot CD for all Windows versions
You are not logged in. [Log In] PCTechGuide » Forums » PCTG Forums » Site Feedback » 'Referer' header required to post to the forum?
Register User    Forum List        Calendar     Active Topics     FAQ
Who's Online
1 registered (suoying14), 9 Guests and 7 Spiders online.
Key: Admin, Global Mod, Mod
Newest Members
jack larry, dedicatedpromo, suki7799, Yalomdin, droidxipad
2895 Registered Users
September
Su M Tu W Th F Sa
1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30
Forum Stats
2896 Members
19 Forums
1539 Topics
4412 Posts

Max Online: 297 @ Sun Jul 29 2007 01:05 AM
Topic Options
#5823 - Thu Apr 05 2007 08:20 PM 'Referer' header required to post to the forum?
DaveF Offline
journeyman

Registered: Wed Jan 08 2003
Posts: 90
Loc: Canada
Why does this forum require me to enable the 'referer' header in (some of) the http requests I send? I ask for reasons of curiosity.

See, as you probably know, the referer header reveals information on the browsing habits of the visitor. I turn it off because it's generally useless to the destination website and, in some small way, it's a security (privacy) risk. Most websites function as well without it but, every once in a while, I come across one that doesn't. Now, I suppose I could write a wrapper that spoofs the referer header to always send something bogus like 'whitehouse.gov' or something equally inane. But I'm not convinced that would work on this forum 'cause I can get into and read the forum all right with the header disabled. It's solely when I want to post that it gives me an error message.

So, as I said, curiosity has bitten me. I'm wondering in precisely what way the UBB software uses the referer header and what sort of validation checks is it doing?

Now, admittedly, this question is a bit esoteric so I'd fully understand if it receives no response. It's just that, in order to post, I have to locate and fire up Internet Exploder. That's not the end of the world but it is a pain in the nether regions, if you know what I mean.

Dave

Top
#6708 - Mon Jun 15 2009 07:57 AM Re: 'Referer' header required to post to the forum? [Re: DaveF]
nowpc Offline
Peripa-techie
old hand

Registered: Fri Jul 06 2001
Posts: 1034
Loc: UK
I can't believe it's taken over two years for me to spot this question and reply to it! Somehow it's passed me by, for which I can only apologise.

Ok, the forums software used here on PCTechGuide is UBBThreads. This is PHP based software which uses the referer header as part of its security measures. Many server side scripts and software use the referer header as a means of checking that submitted data comes from a single, legitimate source.

The reason is to help prevent "bot" attacks. If a virus running on some server somewhere in the world tried to feed SPAM or whatever posts directly to the PCTechGuide forums' scripts, it would fail. Data submitted to the site MUST identify itself as being from a legitimate local reference.

Now as you have said, this header can be spoofed, but it forms only one part of a range of security checks that are applied to POST and GET forum data, including for instance IP lookups, CAPTCHA, and several others. Of course no computer security is foolproof, but covering the known bases certainly helps. wink

Thanks for the question, Dave, and I hope this helps. smile
_________________________

Freelance Web Developer and IT Consultant

Top


Moderator:  clinton, nowpc 
Privacy statement · Board Rules · Mark all read
Contact Us · PCTechGuide · Top