httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: [users@httpd] URL Problem
Date Fri, 21 Feb 2003 13:38:53 GMT
>-----Original Message-----
>From: Kuldeep Singh [mailto:kuldeep@mahindrabt.com]
>
>Will the two urls given below produce different HTTP_ REFERER???
>
>Lets say from my forms my line is
>/cgi-bin/dispdir.exe
>
>and from the url it would be
>http://myserver.com/cgi-bin/dispdir.exe
>
>should I interpret http:://myserver.com/cgi-bin/* ????? and force the
>user back to the homepage??
>
>I tried using redirect but it also redirected even when called from
>from. My line was
>Redirectmatch /cgi-bin/* http:://myserver.com/login.shtml

A RedirectMatch isn't sufficient because it can't be made conditional. You need to use mod_rewrite
for this kind of server-sided processing. 

The Referer header contains the URL of the page the user was sitting on when they clicked
the submit button. So for your form it will be http://server/form-dir/some-form.html. If the
user types it in directly, the Referer header is empty.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 


>
>-----Original Message-----
>From: Boyle Owen [mailto:Owen.Boyle@swx.com]
>Sent: Friday 21 February 2003 11:20AM
>To: users@httpd.apache.org
>Subject: RE: [users@httpd] URL Problem
>
>>-----Original Message-----
>>From: Kuldeep Singh [mailto:kuldeep@mahindrabt.com]
>>
>>My problem is compounded by the fact that our scripts are already
>>written and we cant modify them. How do those website work 
>wherein when
>>one tries to access a program they give you error or take back to the
>>first page?
>
>You need to intercept some attribute of the request and make a
>conditional reply. The easiest way, if you are using a CGI, is to do it
>in the program but if you can't modify the CGI, that is out...
>
>So the solution looks remarkably similar to today's other problem
>(http://marc.theaimsgroup.com/?l=apache-httpd-users&m=104582099
>925901&w=
>2), that is to use mod_rewrite based on the Referer header. Although it
>would mean changing the name of the program in the form so that you can
>redirect to it... Can you do this?
>
>Example:
>
>	RewriteCond %{HTTP_REFERER} <string_in_form_URL>
> 	RewriteRule /cgi/fake_prog_name http://server/cgi/real_prog_name
>[P,L]
> 	RewriteRule /cgi/fake_prog_name http://server.com/index.html [R]
>
>Check the docs for mod_rewrite for more details.
>
>Rgds,
>Owen Boyle
>Disclaimer: Any disclaimer attached to this message may be ignored.
>
>>
>>Kuldeep
>>
>>-----Original Message-----
>>From: Boyle Owen [mailto:Owen.Boyle@swx.com]
>>Sent: Friday 21 February 2003 10:14AM
>>To: users@httpd.apache.org
>>Subject: RE: [users@httpd] URL Problem
>>
>>>-----Original Message-----
>>>From: Kuldeep Singh [mailto:kuldeep@mahindrabt.com]
>>>
>>>We have implemented a custom userid/password mechanism wherein we ask
>>>the user and password on the first page and then we show him the menu
>>>what depending on his userid privileges. But he can execute 
>my cgi-bin
>>>programs directly by typing the following in the url address box
>>>www.website.cgi-bin/program.exe . How do I make him comeback to the
>>>first page even if he enters the above url as the programs in the
>>>cgi-bin folder are meant to be executed through the forms and not
>>>directly.
>>
>>One way to do it might be to check the Referer header in the CGI and
>>check that it matches the URL of the form, e.g. (assuming Perl)
>>
>>$ENV{'HTTP_REFERER'} =~ /$some_string_in_form_URL/ or
>>send_to_homepage();
>>
>>Rgds,
>>Owen Boyle
>>Disclaimer: Any disclaimer attached to this message may be ignored.
>>
>>>
>>>Regards
>>>Kuldeep
>>>
>>>*********************************************************
>>>Disclaimer
>>>
>>>This message (including any attachments) contains
>>>confidential information intended for a specific
>>>individual and purpose, and is protected by law.
>>>If you are not the intended recipient, you should
>>>delete this message and are hereby notified that
>>>any disclosure, copying, or distribution of this
>>>message, or the taking of any action based on it,
>>>is strictly prohibited.
>>>
>>>*********************************************************
>>>
>>>Visit us at http://www.mahindrabt.com
>>>
>>>
>>>
>>>
>>>---------------------------------------------------------------------
>>>The official User-To-User support forum of the Apache HTTP
>>>Server Project.
>>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>>For additional commands, e-mail: users-help@httpd.apache.org
>>>
>>>
>>
>>This message is for the named person's use only. It may contain
>>confidential, proprietary or legally privileged information. No
>>confidentiality or privilege is waived or lost by any mistransmission.
>>If you receive this message in error, please notify the 
>sender urgently
>>and then immediately delete the message and any copies of it from your
>>system. Please also immediately destroy any hardcopies of the message.
>>You must not, directly or indirectly, use, disclose, 
>distribute, print,
>>or copy any part of this message if you are not the intended 
>recipient.
>>The sender's company reserves the right to monitor all e-mail
>>communications through their networks. Any views expressed in this
>>message are those of the individual sender, except where the message
>>states otherwise and the sender is authorised to state them to be the
>>views of the sender's company.
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP Server
>>Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>*********************************************************
>>Disclaimer
>>
>>This message (including any attachments) contains
>>confidential information intended for a specific
>>individual and purpose, and is protected by law.
>>If you are not the intended recipient, you should
>>delete this message and are hereby notified that
>>any disclosure, copying, or distribution of this
>>message, or the taking of any action based on it,
>>is strictly prohibited.
>>
>>*********************************************************
>>
>>Visit us at http://www.mahindrabt.com
>>
>>
>>
>>
>>---------------------------------------------------------------------
>>The official User-To-User support forum of the Apache HTTP
>>Server Project.
>>See <URL:http://httpd.apache.org/userslist.html> for more info.
>>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>>For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server
>Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>*********************************************************
>Disclaimer
>
>This message (including any attachments) contains 
>confidential information intended for a specific 
>individual and purpose, and is protected by law. 
>If you are not the intended recipient, you should 
>delete this message and are hereby notified that 
>any disclosure, copying, or distribution of this
>message, or the taking of any action based on it, 
>is strictly prohibited.
>
>*********************************************************
>
>Visit us at http://www.mahindrabt.com
>
>
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message