Welcome to WebmasterWorld Guest from 54.196.244.245

Forum Moderators: phranque

Message Too Old, No Replies

How to enforce local referrers for images, stylesheets and scripts

Windows 2003

     
9:48 am on Jun 18, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 13, 2002
posts:2162
votes: 0



Needing some help on this to pass a pen-test - any ideas?

Thanks
4:10 am on July 18, 2010 (gmt 0)

Senior Member from KZ 

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 10, 2005
posts: 2886
votes: 1


Hi aspdaddy,

Your question has been hanging around here for a while and I don't know if it is still relevant, but as I understand it, you want to make sure that calls for images, stylesheets and scripts all have a referrer from the same site as these files are located on. Is that a correct interpretation of the problem?
1:22 am on July 19, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 31, 2005
posts:1108
votes: 0


Enforcing local referrers might break things for those whose browsers are configured not to send the referrer or are using an an Anonymous proxy server.
Just something to keep in mind.
8:01 am on July 19, 2010 (gmt 0)

Full Member

5+ Year Member

joined:Jan 4, 2007
posts:221
votes: 0


Intranet (i.e. you control, or can control, the browser) or Internet (you don't)?

You can also set up session handling and start a session on the referring page that you check for before serving the protected file (you can also check that both requests have the same user agent string, IP addresses in the same block etc).
4:02 pm on July 22, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 13, 2002
posts:2162
votes: 0


Lammert - yes.
Status - Internet.

Thanks
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members