HTTP Referer Protection via Firewall
HomeLatest Entries
Craigslist Phone Verification Video Game in a Favicon Help Me Find "The Net" Sys Admin Holds San Francisco Network Hostage WordPress Gets VersioningLatest Entries in
Viruses, Hacking, and Security
BlueProximity
Cable Disruption Primer
The Russian Hacking Culture
Remember, there are only 194 countries in the world...
"the first major motion picture to accurately portray a hack"
Outpost Firewall: This personal firewall blocks outgoing HTTP referrers, which we’ve discussed before as being a potential security hole. Webmasters just see this in their referrer logs:
Field blocked by Outpost (http://www.agnitum.com)
It must have to parse the text of the HTTP request and manually modify the line which includes the HTTP Referer header. Interesting.
Is this common for firewalls? This is the only “hacked” referrer I remember seeing in my logs.
Web Hosting
Web hosting, dedicated servers and Web design services
Laser Toner Cartridges UK
laser toner, toner cartridges, hp toner, lexmark toner, samsung toner, canon, toner, epson toner, oki toner, kyocera toner, xerox toner, remanufactured toner, compatible toner
Direct TV Deals
Free 4 room direct tv deals. no equipment to buy. free fast professional direct tv installation. this is the best direct tv deal available anywhere.
SEO Article
Learn from the experts with our SEO article.
rope light
Shopping with birddog distributing, inc., gives you access to the lowest prices, the best customer service and the quickest delivery times possible.
Comments
Norton’s firewall package has an option for blocking HTTP referers. It’s actually on by default in at least some of their packages. Rather than adding a false referrer, like the firewall you mention, it simlpy strips out the referrer string (as if you’d selected the link from a shortcut or typed it in directly.)
Personally, I find this really annoying. Maybe I’m uninformed, but I can’t think of any serious security risks associated with the referrer. However, it is quite possible to set up very useful dynamic pages based on referrer information. (Such as amaking sure that certain pages are reached only from within your site.)
I’ve always considered referrer blocking in firewalls just to be another useless widged that software makers can put on the box to make you think their package is better than someone elses, without actually adding any real value. Am I wrong?
See this link for a documented security problem stemming from an HTTP referrer:
http://www.gadgetopia.com/2003/12/23/OutlookWebAccessPrivacyHole.html
Admittedly, this is because of a browser bug, but it’s still a problem.
I use HTTP-Referer to check if somebody posts their comment on my page from within my page. If it comes from another page it does not work.
I think thats a useless function.
Abusing HTTP referrer can lead to CSRF attacks. http://www.owasp.org/index.php/CSRF
rv furniture rv furniture free bollywood ringtone composers http:// coconut tree http://pohangdaryewon.com/zero/data/board2/news-1811-20080505.html landerwood landerwood main http:// get a digital camera comparison of top digital cameras http://egolfinteriors.com/catalog/download/files/text-2065.html