homepage Welcome to WebmasterWorld Guest from 54.145.243.51
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
Forum Library, Charter, Moderators: coopster & jatar k & phranque

Perl Server Side CGI Scripting Forum

    
Intermittent Error on Form Submit
Sorry this CGI is only available to ...
Mardi_Gras

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4144 posted 8:51 pm on Jul 19, 2005 (gmt 0)

A very small number of visitors to one of my sites are telling me they cannot submit my contact form. They get an error mesage that says Sorry this CGI is only availble to sites hosted by (provider).

The provider's idea was to tell all my users to flush their browser cache and delete cookies before submitting the form. Right.

Since we are in the middle of a major campaign and cannot move the site at this moment, I am looking for a fix. Any ideas? Is it my script, the user's browser, or the host causing the problem?

By the way, I cannot reproduce the error but I have had enough complaints to know it is real.

 

wdr1



 
Msg#: 4144 posted 11:45 pm on Jul 19, 2005 (gmt 0)

My guess would be that the referer is being checked & doesn't have the expected site. Do you get the error if you copy & paste the submission url into the location bar? Could be the referer has to be 'www.site.com' and the affected users are surfing to 'site.com'?

Again, this is all guessing.

HTH,
-Bill

WWMike

5+ Year Member



 
Msg#: 4144 posted 3:59 pm on Jul 20, 2005 (gmt 0)

I agree with the reply above. The script is probably trying to eliminate remote access from outside domains and is not accounting for subdomains (which should be valid). To test that theory try submitting your form from both domain.com/form.html and www.domain.com/form.html to see if it happens to you. If it does, you can either add the missing variation to the script where it checks for that or better yet, ask your host to always redirect one variation to the other.

Mardi_Gras

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4144 posted 4:21 pm on Jul 20, 2005 (gmt 0)

Thanks, guys. I will give that a try.

SeanW

10+ Year Member



 
Msg#: 4144 posted 4:59 pm on Jul 20, 2005 (gmt 0)

If it's your script (ie you can edit it), look for references to $ENV{'HTTP_REFERER'} (and yes, the mispelling is intentional). Remove the check.

Sean

WWMike

5+ Year Member



 
Msg#: 4144 posted 8:23 pm on Jul 20, 2005 (gmt 0)

Even if it is your script, I strongly suggest that you DON'T remove the domain check unless you're perfectly OK with the extremely likely possibility that some malicious or curious person will remotely submit your script countless times per second, filling up your inbox and leaving you scrambling to disable the script as you curse yourself and everyone else while struggling to put the domain check back in so that your script can go back live.

Just add all possible VALID domains to the list and do it right the first time.

The sections in question should look something like this:

@okaydomains=("http://mydomain.com", "http://www.mydomain.com");

sub valid_page
{
if (@okaydomains == 0)
{return;}
$DOMAIN_OK=0;
$RF=$ENV{'HTTP_REFERER'};
$RF=~tr/A-Z/a-z/;
foreach $ts (@okaydomains) {
if ($RF =~ /$ts/)
{ $DOMAIN_OK=1; }
}
if ( $DOMAIN_OK == 0) {
print "Content-type: text/html\n\n Sorry....Cant run from here!";
exit;
}
}

SeanW

10+ Year Member



 
Msg#: 4144 posted 9:05 pm on Jul 20, 2005 (gmt 0)


extremely likely possibility that some malicious or curious person will remotely submit your script countless times per second

There are easier, better ways to do this, such as recording the IP address and not taking any action if a certain threshold is exceeded. A dbm file will take care of this easily.

HTTP_REFERER is supplied by the client, and as such, can't be trusted. It is not a security mechanism.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved