It seems I have run into a problem with Internet Explorer 7.
I have an HTML page that has links to files on another server. The server I am linking to checks the referrer of the request and, if the referrer is valid, it allows access to the resource. It works fine in Firefox 2 and 3 (as the server my HTML page is located on is a valid referer), but in Internet Explorer it doesn't work: the other server denies me the resource (generates an HTTP 403 error). I was doing some searching and stumbled on this http://support.microsoft.com/kb/178066 and I have tried the HTML page in both https and http, and the same thing for the server I am connecting to, but I get nothing in Internet Explorer. What can I do to work around this?
Thank you
You may want to use a different mechanism anyway. Referrers are easily spoofed. Checking referrers really isn't a good security solution, and if they're going to cause you headaches like this, maybe you want to find another way.
For example, the server generating the first page could add an authorization token to the URLs to the second server, and the second server could check that the tokens are valid. This way, all of the details are under your control, and the only browser behavior you're counting on is that the full URL is sent to the second server.
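The token scheme suggested in the answer above, sketched for Node.js as an added example (not part of the original answer): the first server signs each link with an HMAC over the path and an expiry time, and the second server verifies that token instead of the referrer. The host name, the key, the `expires` and `token` parameter names and the function names are assumptions made for illustration.

```javascript
// Added example: HMAC-signed, expiring download links (not code from the thread).
const crypto = require('crypto');

// Constructed sample key; in practice a random secret shared by both servers.
const SAMPLE_KEY = Buffer.from('constructed-demo-key-not-for-production');

function mac(key, path, expires) {
  // Bind the token to both the resource path and the expiry time.
  return crypto.createHmac('sha256', key)
    .update(`${path}\n${expires}`)
    .digest('hex');
}

// First server: build the link it writes into the HTML page.
function signLink(baseUrl, path, ttlSeconds, key, now = Date.now()) {
  const expires = String(Math.floor(now / 1000) + ttlSeconds);
  const url = new URL(path, baseUrl);
  url.searchParams.set('expires', expires);
  url.searchParams.set('token', mac(key, url.pathname, expires));
  return url.toString();
}

// Second server: check the token instead of the Referer header.
function verifyLink(requestUrl, key, now = Date.now()) {
  const url = new URL(requestUrl);
  const expires = url.searchParams.get('expires') || '';
  const token = url.searchParams.get('token') || '';
  // Reject missing or malformed values before doing any comparison.
  if (!/^\d{1,12}$/.test(expires) || !/^[0-9a-f]{64}$/.test(token)) return false;
  if (Number(expires) < Math.floor(now / 1000)) return false; // link expired
  const expected = Buffer.from(mac(key, url.pathname, expires), 'hex');
  // Constant-time comparison; both buffers are 32 bytes thanks to the regex.
  return crypto.timingSafeEqual(Buffer.from(token, 'hex'), expected);
}
```

Because the path and expiry are both covered by the HMAC, changing either one in the URL invalidates the token, and the check no longer depends on which headers the browser sends.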
How are you "getting to" the file in question?
IF YOU ARE USING JAVASCRIPT to get to the file, IE WILL FAIL.
IE has had a major bug since the dawn of time on this.
e.g. document.location.href = 'myNewPage.html'; //FAILS to pass referer in IE
Bug #421 over on Web Bug Track
won't be fixed in IE8 either! :-(
I found this solution at http://dracoblue.net/dev/referer-with-documentlocation-is-broken-in-internet-explorer/145/, but I haven't tried it myself:
function goto(url)
{
    // Navigate by clicking a temporary link so that IE sends the Referer header.
    var referLink = document.createElement('a');
    referLink.href = url;
    document.body.appendChild(referLink);
    referLink.click();
}
I have resolved it; include this code in all pages of your project:
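session_start();
// Rebuild the URL of the page currently being served.
if ($_SERVER['SERVER_PORT'] == 443)
    $http = 'https://';
else
    $http = 'http://';
$adress = $http.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
// The page stored on the previous request becomes the referer (empty on the first visit).
$_SESSION['referer'] = isset($_SESSION['current_page']) ? $_SESSION['current_page'] : '';
$_SESSION['current_page'] = $adress;
// Override whatever the browser sent (or failed to send).
$_SERVER['HTTP_REFERER'] = $_SESSION['referer'];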
I'm not using IE7 so I cannot check this, but I guess this should work without problems:
<script type="text/javascript">
// Pass the current page as an explicit, URL-encoded query parameter.
document.location = "http://www.your-server.com/your_page.html?referrer=" + encodeURIComponent(document.location.href);
</script>
And then on the second server you can check the value of the referrer parameter instead of relying on whether the browser sends the referrer or not.
Disable firewalls and anti-virus and/or anti-spyware checking and see if that helps. I know this may sound trollish, but I've personally seen many instances where the problem miraculously disappeared when this advice was taken.
They tend to have an overzealous idea sometimes of what "Secure" is, and break browser behaviour in the process. (If you have AVG and have problems with email (pop3), turn off AVG and watch email magically return to working status.)