Welcome to WebmasterWorld Guest from 54.157.222.62

Forum Moderators: phranque

Message Too Old, No Replies

How to enforce local referrers for images, stylesheets and scripts

Windows 2003

   
9:48 am on Jun 18, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member




Needing some help on this to pass a pen-test - any ideas?

Thanks
4:10 am on Jul 18, 2010 (gmt 0)

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Hi aspdaddy,

Your question has been hanging around here for a while and I don't know if it is still relevant, but as I understand it, you want to make sure that calls for images, stylesheets and scripts all have a referrer from the same site as these files are located on. Is that a correct interpretation of the problem?
1:22 am on Jul 19, 2010 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Enforcing local referrers might break things for those whose browsers are configured not to send the referrer or are using an an Anonymous proxy server.
Just something to keep in mind.
8:01 am on Jul 19, 2010 (gmt 0)

5+ Year Member



Intranet (i.e. you control, or can control, the browser) or Internet (you don't)?

You can also set up session handling and start a session on the referring page that you check for before serving the protected file (you can also check that both requests have the same user agent string, IP addresses in the same block etc).
4:02 pm on Jul 22, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Lammert - yes.
Status - Internet.

Thanks