Firewall Issues

doobster

Hello, I have designed a comprehensive script in PHP. When I was adding security measures it appears I have run into a problem.

The problem seems to be with personal firewalls. I have a script that checks the $HTTP_REFERER and makes sure that it is from within my domain. This appears to be causing problems for people with firewalls. The $HTTP_REFERER is not the problem itself because it works fine for people without firewalls.

This particular script is being called from another script which is obviously why I need to verify the referer. Also, when I use the same code after performing a form post I do not have this problem.

Has any one encountered problems with firewalls and the $HTTP_REFERER? If so what did you do to solve it?

iceiceboom

Originally posted by doobster
This particular script is being called from another script which is obviously why I need to verify the referer.

Hello,

You don't NEED to verify the referer, there are other means. Using the environmental variable HTTP_REFERER is a bad idea due to firewalls, proxies, and the plain fact that some browsers don't support referers.

This is more of advice that a solution, simply because there is no solution for "needing" to use HTTP_REFERER with a firewalled client.

Also, I doubt the problem is the firewall, I think it is the browser type. Reason being, I have a personal firewall and HTTP_REFERER still returns perfectly for me. Then again, you may be using some weird firewall that disables everything...

doobster

Do you have any ideas for other means to verify that the person came from the script? I guess tracking a variable might work.