HTTP Referer Protection via Firewall

By Deane Barker on September 6, 2004

Outpost Firewall: This personal firewall blocks outgoing HTTP referrers, which we’ve discussed before as being a potential security hole. Webmasters just see this in their referrer logs:

Field blocked by Outpost (

It must parse the text of the HTTP request and rewrite the line that carries the HTTP Referer header. Interesting.

Is this common for firewalls? This is the only “hacked” referrer I remember seeing in my logs.
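As an added illustration (not Outpost's or Norton's code, and not part of the original post), this is how a filtering proxy could do both things described on this page: replace the Referer value with a placeholder, or strip the header entirely, as the first comment below says Norton does. The function name, the sample request and the placeholder text are constructed for this example.

```python
CRLF = b"\r\n"

def filter_referer(raw_request: bytes, mode: str = "replace",
                   placeholder: bytes = b"Field blocked (constructed placeholder)") -> bytes:
    """Rewrite or strip the Referer header of a raw HTTP/1.x request.

    mode="replace" keeps the header but substitutes its value.
    mode="strip" removes the header line, as if the URL had been typed in.
    Only the header section is edited; the body passes through byte for byte.
    """
    if mode not in ("replace", "strip"):
        raise ValueError("mode must be 'replace' or 'strip'")
    # Headers end at the first empty line; never touch anything after it.
    head, sep, body = raw_request.partition(CRLF + CRLF)
    lines = head.split(CRLF)
    out = [lines[0]]          # request line, e.g. b"POST /comment HTTP/1.1"
    skipping = False          # True while inside the Referer header
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            # Obsolete folded continuation: belongs to the previous header,
            # so it is dropped together with a filtered Referer value.
            if not skipping:
                out.append(line)
            continue
        name, colon, _value = line.partition(b":")
        # Header names are case-insensitive.
        skipping = bool(colon) and name.strip().lower() == b"referer"
        if not skipping:
            out.append(line)
        elif mode == "replace":
            out.append(name + b": " + placeholder)
    return CRLF.join(out) + sep + body

# Constructed sample: a comment form POST whose body happens to contain
# the text "Referer:", which must not be modified.
SAMPLE = (b"POST /comment HTTP/1.1\r\n"
          b"Host: blog.example\r\n"
          b"referer: http://other.example/page?q=private+search\r\n"
          b"Content-Length: 27\r\n"
          b"\r\n"
          b"text=Referer: stays in body")

if __name__ == "__main__":
    print(filter_referer(SAMPLE, "replace").decode())
    print(filter_referer(SAMPLE, "strip").decode())
```

A server-side check that requires a same-site Referer sees the placeholder in the first mode and no header at all in the second, so it has to treat both as "unknown origin" rather than as proof of a foreign one.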



  1. Norton’s firewall package has an option for blocking HTTP referers. It’s actually on by default in at least some of their packages. Rather than adding a false referrer, like the firewall you mention, it simply strips out the referrer string (as if you’d selected the link from a shortcut or typed it in directly.)

    Personally, I find this really annoying. Maybe I’m uninformed, but I can’t think of any serious security risks associated with the referrer. However, it is quite possible to set up very useful dynamic pages based on referrer information. (Such as making sure that certain pages are reached only from within your site.)

    I’ve always considered referrer blocking in firewalls just to be another useless widget that software makers can put on the box to make you think their package is better than someone else’s, without actually adding any real value. Am I wrong?

  2. I use HTTP-Referer to check if somebody posts their comment on my page from within my page. If it comes from another page it does not work.

    I think that’s a useless function.
