You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Micha Brans <m....@sitehost.nl> on 2001/03/07 11:29:16 UTC

other/7370: $HTTP_REFERER gives no good information

>Number:         7370
>Category:       other
>Synopsis:       $HTTP_REFERER gives no good information
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Wed Mar 07 02:30:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     m.brans@sitehost.nl
>Release:        1.3.17
>Organization:
apache
>Environment:
Linux CP36263-A 2.2.16-22 #1 Tue Aug 22 16:49:06 EDT 2000 i686 unknow
>Description:
When somebody comes to our server via a link, the $HTTP_REFERER gives the correct information. But when I go to a site just bij typing in the URL the $HTTP_REFERER has to be empty, but gives always "http://www.sitehost.nl:9999/apache/"
>How-To-Repeat:
1.
go to http://www.sitehost.nl en view the source. You will see 1 line containing <frame name = 'STAT' scrolling = 'NO' noresize src = 'stats/maak.php?domein=www.sitehost.nl&via=http://www.sitehost.nl:9999/apache/' frameborder = 'NO' bordercolor = '#FFFFFF'>
This source is made by a php-script who places the HTTP_REFERER after "via=".
This should be empty!

2.
Go to "http://www.ilse.nl/searchresults.dbl?oldquery=&LANGUAGE=NL&profile=st&family=no&search_for=sitehost" and take the link to SiteHost. When you look in the source now you wil see "<frame name = 'STAT' scrolling = 'NO' noresize src = 'stats/maak.php?domein=www.sitehost.nl&via=http://www.ilse.nl/searchresults.dbl?oldquery=&LANGUAGE=NL&profile=st&family=no&search_for=sitehost' frameborder = 'NO' bordercolor = '#FFFFFF'>"
>Fix:
No, I'm sorry
>Release-Note:
>Audit-Trail:
>Unformatted:
 [In order for any reply to be added to the PR database, you need]
 [to include <ap...@Apache.Org> in the Cc line and make sure the]
 [subject line starts with the report component and number, with ]
 [or without any 'Re:' prefixes (such as "general/1098:" or      ]
 ["Re: general/1098:").  If the subject doesn't match this       ]
 [pattern, your message will be misfiled and ignored.  The       ]
 ["apbugs" address is not added to the Cc line of messages from  ]
 [the database automatically because of the potential for mail   ]
 [loops.  If you do not include this Cc, your reply may be ig-   ]
 [nored unless you are responding to an explicit request from a  ]
 [developer.  Reply only with text; DO NOT SEND ATTACHMENTS!     ]