Hi,

I have a cgi script. But before someone can run the script, I want to know that they are only coming from a page on my domain.
Can anyone convert this into cgi:

<script>
if (document.referrer.indexOf("my-domain.com") == -1){
window.location = "../../no-access.html";
}
</script>

Thanks

Try this:-

# Specify valid referers - only those specified may submit the form #

$referer1='http://www.whateverdomain.com/thispage.html';
$referer2='http://www.anotherdomain.com/thatpage.html';

# Check Referring URL
&check_url;


##########################################

sub check_url {

# Localize the check_referer flag which determines if user is valid. #
local($check_referer) = 0;

# Make sure that a valid referring URL was passed to FormMail. #

if ($ENV{'HTTP_REFERER'} eq $referer1) {
$check_referer = 1;
}
if ($ENV{'HTTP_REFERER'} eq $referer2) {
$check_referer = 1;
}

# If the HTTP_REFERER was invalid or blank, send back an error. #

if ($check_referer != 1) { &error('bad_referer') }

}

########################################
sub error {

if ($error eq 'bad_referer') {
print <<"(END ERROR HTML)";
Content-type: text/html

<html>
<head>
<title> Access Denied</title>
</head>
<body bgcolor=#DC143C text=#000000>
<center>
<br><br>
<table border=0 width=680 bgcolor=#9C9C9C>
<tr><th><font face="Arial" size="5">Access Denied</p>
<font size="2"><p>Error Message Here </p><br>
</font></th></tr>
</table>
</center>
</body>
</html>

(END ERROR HTML)

}

Hi

You can do something like this........





# put all the sites or pages that you would like to have access to
# your script in (@array) then at the top of your script add a (sub)
# that checks the list.............


TOP OF SCRIPT, RIGHT BELOW (BANG-BANG LINE)

#!/usr/local/bin/perl

@good = ('http://www.site1.com/users/','http://www.site2.net/');

&check_url;


NOW AT THE BOTTOM (OUT OF THE WAY), PUT THIS (sub)

sub check_url {

local($check_referer) = 0;


if ($ENV{'HTTP_REFERER'}) {
foreach $request (@good) {
if ($ENV{'HTTP_REFERER'} =~ "$request") {
$check_referer = 1;
}
}
}

if ($check_referer != 1) {

# bad location (bye-bye)

print "Location:http://www.fbi.com\n\n";

}
}

# if a good (referer) is found it will just (continue) your script!





F!

Hi,

Great work on all the replies. But can any of these be changed to where it looks for the actual index of the domain (my-domain.com instead of my-domain.com/page.html)?

Also, my script is being linked to using an image tag, so is there anyway to just make the cgi quit dead in it's tracks, instead of trying to send them off somewhere else?

Thanks

If only one domain is acceptable, then you can simplify things to:-


if ($ENV{'HTTP_REFERER'} ~ m/\@yourdomainname.com) {
$check_referer = 1;
}


i.e. if the referer contains "@yourdomain.com" then set the check_referer flag to 1

Of course, the logic can be reversed:


if ($ENV{'HTTP_REFERER'} !~ m/\@yourdomainname.com) {
$check_referer = 1;
}

i.e. if the referer does NOT contain "@yourdomain.com" then
set the flag to 1.

Then depending on the logic and what you desire either display an error message or simply



if ($check_referer = 1) { ## (or !=1 for not equal to 1)
exit;
}

which will terminate the program.

Be warned that the referer can be faked, though, so this will not really stop others linking to your script.

Hi,

Great job. I'm using the image tag I mentioned I mentioned earlier on my thankyou page to credit affiliates in my affiliate program. Is there anyway to fullproof it?

Thanks again