[Gllug] Dishonouring Redirects

Matthew Cooke mpcooke3 at hotmail.com
Mon May 23 20:29:54 UTC 2005


Steve Nelson wrote:

>Hello Chums,
>
>How would you go about forbidding a request which came from a redirect?
>
>  
>
Unfortunately a redirect results in the browser making a normal http 
request.
Although filtering based on referrer name is unlikely to result in false 
positives (the blocking of valid requests) it may not be very effective 
as normally the referrer in the case of a redirect is the original page 
referrer not the redirecting URL. So to effectively block based on the 
referrer header you would need to find the pages that the 
http://www.groupedanone.com/ link was on and block those referrers.

It has always been possible (in several ways) to make a link look like 
one thing and go somewhere else so I would question if it's worth 
blocking this.

For instance if I want i can put a link like this <a 
href="http://microsoft.com">crapheads.com</a> or dns alias crapheads.com 
to microsoft.com
The web was designed in such a way that people can link to websites 
however they want -  it isn't really a flaw in the same way as making a 
crapheads.com page look like it is actually microsoft.com in the URL bar.

Matt.
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list