Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 9 of 9
  1. #1
    New to the CF scene
    Join Date
    Jan 2007
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Authenticating a website

    OK Here it goes.

    I've been trying to find the answer to this problem for a few days now and I'm completely stumped.

    I am trying to find a way to know what website has called an image from our server. For instance if website A placed an image from my server on a page, what is the url of that page?

    I know that you can use ASP ServerVariables("HTTP_REFERER") as one method but I also know that this is unreliable as header information can be spoofed and if the image is called from a secure page (HTTPS) then there is no HTTP_REFERER information sent in the headers.

    I know that there must be a way to do this because when I look at my website stats using AWStats I see visitors that come from secure sites such as https://www.paypal.com

    If AWStats can track the referring websites that are visiting from HTTPS then there must be a way to do it.

    Can someone help???

    Teleport yourself into a new career...

  • #2
    Senior Coder
    Join Date
    Nov 2002
    Location
    North-East, UK
    Posts
    1,265
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Look at your webserver logs.

  • #3
    New to the CF scene
    Join Date
    Jan 2007
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Gee degsy what help you've been!

    Certainly there's got to be someone that actually has something more constructive to input. I can look at my logs with no problem.

    The question is:

    What method is used to achieve the result? I already know the result.
    Teleport yourself into a new career...

  • #4
    Senior Coder
    Join Date
    Nov 2002
    Location
    North-East, UK
    Posts
    1,265
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I meant to say
    look at your webserver logs and see if you are getting the same info or if they are detecting the referers.

    AFAIK IIS and Apache use the HTTP_REFERER server variable to record the referer, so it should be the same as in the scripts.

    If you are getting fuller info from the log you could parse it.


    Have you looked into the AWStats scripts to see what method they are using?

  • #5
    New to the CF scene
    Join Date
    Jan 2007
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hi degsy,

    I'll see if I can look at the IIS logs. As for the AWstats scripts do you know if these are publicly available?

    I'm on a hosted server and don't have access to the scripts.

    I'm really confused about the whole thing. The more I read, the more I realize why the referer is not relayed for secure pages. However, why does paypal get relayed. It seems to be the only one!?
    Teleport yourself into a new career...

  • #6
    Senior Coder
    Join Date
    Nov 2002
    Location
    North-East, UK
    Posts
    1,265
    Thanks
    0
    Thanked 0 Times in 0 Posts
    You can install your own version of awstats on your server
    http://awstats.sourceforge.net/

  • #7
    New to the CF scene
    Join Date
    Jan 2007
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks degsy,

    I'll give it a try.
    Teleport yourself into a new career...

  • #8
    New to the CF scene
    Join Date
    Jan 2007
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Eureka!!!

    EUREKA!!!

    I think that I have solved this problem. From what I can tell the HTTP_REFERER will NOT be sent through the HTTP headers in IE or FireFox if a client has clicked on a link on a secure page.

    However; if an image is displayed on a secure page then the referring URL IS passed in the headers. I just tested this in IE and FireFox. I can't speak for other browsers.

    Stupid me. I was testing this with clickable links rather than trying with an image. This explains why PayPal shows up in my AWstats logs. They are pulling an image from my server.

    Of course now I feel stupid.
    Teleport yourself into a new career...

  • #9
    Senior Coder
    Join Date
    Nov 2002
    Location
    North-East, UK
    Posts
    1,265
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Nice


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •