Closed Thread Icon

Preserved Topic: who requested me? Pages that link to <a href="https://ozoneasylum.com/backlink?for=18445" title="Pages that link to Preserved Topic: who requested me?" rel="nofollow" >Preserved Topic: who requested me?\

 
Author Thread
lallous
Paranoid (IV) Inmate

From: Lebanon
Insane since: May 2001

posted posted 07-06-2002 11:00

Hello,

is it possible for a document to tell who requested?
(as it is possible for a document to tell its refeerer)

Nevel
Bipolar (III) Inmate

From: Amsterdam
Insane since: Jun 2002

posted posted 07-06-2002 18:42

What exactly do you mean by requesting? <img src="a.php"> or something like that?

Slime
Lunatic (VI) Mad Scientist

From: Massachusetts, USA
Insane since: Mar 2000

posted posted 07-06-2002 23:05

document.referrer

(The correct spelling of the word is referer, I believe, but it was misspelled in the original implementation, so they're sticking with it.)

lallous
Paranoid (IV) Inmate

From: Lebanon
Insane since: May 2001

posted posted 07-15-2002 08:27

no Slime more than that....

who requested me and not who refeered me actually...


if in my code i do this:

this code is surfed on this site http://yoursite.com/index.htm

code:
<body>
<img src='http://mysite.com/imagerender.php?template=circle'>
</body>



can my imagerender.php which is located on mysite.com tell that index.htm @ yoursite.com requested it?

thanks,

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted posted 07-15-2002 10:34

That data is stored in HTTP_REFERER server variable (it holds domain as well as filename/path)...


lallous
Paranoid (IV) Inmate

From: Lebanon
Insane since: May 2001

posted posted 07-15-2002 12:00

yes and no....

i had an idea that data requests (like when requesting for images and binary files), the requester doesn't really have to send the refeerer, therefore the HTTP_REFEERER solution is then browser specific.

for data requests i noticed that:
ie , ns6 , opera: sends the refeerer
ns4 : doesn't ...

thanks slime, mr.max .

edit: testing the requestor...

[This message has been edited by lallous (edited 07-15-2002).]

Nevel
Bipolar (III) Inmate

From: Amsterdam
Insane since: Jun 2002

posted posted 07-15-2002 13:32

That's right, the HTTP_REFERER is officially non-100% proof. Nice, huh?

Luckily, JavaScript offers us 'location.href', which represents the url of the current document. Now lets use some js to create your img-src:

<img id="myImg">

<script type="text/JavaScript">
var imgSrc = 'whatever.php?from=' + location.href;
if(document.getElementById) document.getElementById('myImg').setAttribute('src', imgSrc);
else document.images.myImg.src = imgSrc;
</script>

'whatever.php' now receives a parameter called $from, which will give you the url from the requesting page.

lallous
Paranoid (IV) Inmate

From: Lebanon
Insane since: May 2001

posted posted 07-15-2002 14:23

Nevel, the one problem is that i cannot add that js code along with the <img> tag , nice attempt though.

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted posted 07-15-2002 15:23

Lallous, I just did a quick test and Netscape Navigator 4.79 did send referrer variable to the test script, which was called from a different domain via <IMG> tag. Maybe something is wrong with your NN4? AFAIK, web browsers should always send referrer variable (unless web site visitor uses firewall that block referrer variable), no matter whether web site visitor followed a link or visited a page that includes files from other domains...


lallous
Paranoid (IV) Inmate

From: Lebanon
Insane since: May 2001

posted posted 07-15-2002 16:10

mr.Max : today i'm not focusing well!

As I rechecked the log again:

quote:
SERVER_VARS:
array(29) {
["DOCUMENT_ROOT"]=>
string(19) "/home/lgwm/lgwm-www"
["HTTP_ACCEPT"]=>
string(62) "image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png"
["HTTP_ACCEPT_CHARSET"]=>
string(18) "iso-8859-1,*,utf-8"
["HTTP_ACCEPT_ENCODING"]=>
string(4) "gzip"
["HTTP_ACCEPT_LANGUAGE"]=>
string(2) "en"
["HTTP_CONNECTION"]=>
string(10) "Keep-Alive"
["HTTP_HOST"]=>
string(8) "lgwm.org"

["HTTP_REFERER"]=>
string(32) "http://www.lgwm.org/ozone/i3.htm"

["HTTP_USER_AGENT"]=>
string(37) "Mozilla/4.73 [en] (Windows NT 5.0; I)"
["PATH"]=>
string(28) "/usr/bin:/bin:/usr/local/bin"
["REMOTE_ADDR"]=>
string(14) "216.239.51.100"
["REMOTE_PORT"]=>
string(4) "1317"
["SCRIPT_FILENAME"]=>
string(32) "/home/lgwm/lgwm-www/ozone/i3.php"
["SERVER_ADDR"]=>
string(13) "208.56.14.225"
["SERVER_ADMIN"]=>
string(18) "webmaster@lgwm.org"
["SERVER_NAME"]=>
string(8) "lgwm.org"
["SERVER_PORT"]=>
string(2) "80"
["SERVER_SIGNATURE"]=>
string(0) ""
["SERVER_SOFTWARE"]=>
string(81) "Apache/1.3.20 (Unix) ApacheJServ/1.1.2 PHP/4.2.1 FrontPage/5.0.2.2510 Rewrit/1.1a"
["GATEWAY_INTERFACE"]=>
string(7) "CGI/1.1"
["SERVER_PROTOCOL"]=>
string(8) "HTTP/1.0"
["REQUEST_METHOD"]=>
string(3) "GET"
["QUERY_STRING"]=>
string(0) ""
["REQUEST_URI"]=>
string(13) "/ozone/i3.php"
["SCRIPT_NAME"]=>
string(13) "/ozone/i3.php"
["PATH_TRANSLATED"]=>
string(32) "/home/lgwm/lgwm-www/ozone/i3.php"
["PHP_SELF"]=>
string(13) "/ozone/i3.php"
["argv"]=>
array(0) {
}
["argc"]=>
int(0)
}



yes you are right,

thanks you.



[This message has been edited by lallous (edited 07-15-2002).]

Nevel
Bipolar (III) Inmate

From: Amsterdam
Insane since: Jun 2002

posted posted 07-15-2002 16:19

Hmz, I'm glad it works, but *somewhere* on php.net(can't #%$#% find it) it says that HTTP_REFERER isn't foul-proof...

Slime
Lunatic (VI) Mad Scientist

From: Massachusetts, USA
Insane since: Mar 2000

posted posted 07-15-2002 17:43

It's not. Browsers aren't *required* to send the referer, but most do.

mr.maX
Maniac (V) Mad Scientist

From: Belgrade, Serbia
Insane since: Sep 2000

posted posted 07-15-2002 19:30

Plus, as I've said above, some firewalls also block referrer variable, because it is considered as violation of privacy...


« BackwardsOnwards »

Show Forum Drop Down Menu