Problems with referer checking?

[Armitage]

On my site, I use referer checking to make sure nobody is externally linking to some files. I extract the referer info with perl using the following construct:

$ENV{'HTTP_REFERER'}

A very small number of my users have had trouble with this - they come back with no referer info. Most problems were tracked down to the use of a firewall with a "referer blocking" feature, but there are a small number that still have the issue.

Any ideas what else may be going on here??
Thanks

 

[Barnaby W. Füi]

The referrer is sent by the client, so it can send whatever it wants. Many (most?) browsers let you disable sending the referrer in requests. Checking the referrer can be useful for various things, but you can't rely on it always being there, or being accurate.

Also, generally, if you type an address into the address bar, or if you open a link in a new window/tab, a referrer won't be sent.

 

[Armitage]

Originally posted by: BingBongWongFooey
The referrer is sent by the client, so it can send whatever it wants. Many (most?) browsers let you disable sending the referrer in requests. Checking the referrer can be useful for various things, but you can't rely on it always being there, or being accurate.

I'm finding that for the vast majority of our users it works fine. But for a very few it doesn't. So I've found another way to prevent external linking and disabled the referer check.

Also, generally, if you type an address into the address bar, or if you open a link in a new window/tab, a referrer won't be sent.

Yep ... considered all that and there were still users it didn't work for.