Posted to user@lenya.apache.org by Gaurav Kalia <ga...@techblue.co.uk> on 2011/03/29 13:03:30 UTC

Implementing Referer check - HTTP Header

Hi All

I want to implement the referer check for my match pattern. I think 
there is something available in Cocoon.

Please see the link below:

http://cocoon.apache.org/2.0/userdocs/matchers/wildcardheader-matcher.html

According to the documentation I have added the matcher entry in the 
sitemap and added *type="referer-match"*. But after adding this I am 
getting an error "No pipeline match found", although it works fine 
without it.

I also tried adding the hostname to the match pattern, but no luck.

Please suggest if I am missing something.

TIA

Regards
Gaurav

-- 
Gaurav
Web Development
Techblue Softwares&  Technology Blueprint Ltd

T : 08450047142 Extn: 5102
E : gaurav.kalia@techblue.co.uk
W : www.techblue.co.in
     www.technologyblueprint.co.uk

Confidentiality Notice

The contents of this email are confidential and may be privileged, and
are intended only for the use of the person or company named herein. Any
views or opinions presented are solely those of the author and do not
necessarily represent those of Techblue software or Technology Blueprint
Limited.

If you are not the intended recipient of this email or a person
responsible for delivering it to the intended recipient, you are hereby
notified that any distribution, copying or dissemination of the
information herein is strictly prohibited.



Re: Implementing Referer check - HTTP Header

Posted by Gaurav Kalia <ga...@techblue.co.uk>.
OK, what I did is -- when I need to call test.html, I matched 
index.html with type="referer-match" and it seems to be working fine.

Is this the correct way of implementation?

Regards
Gaurav

On Wednesday 30 March 2011 01:58 PM, Gaurav Kalia wrote:
> I am not very much clear with the implementation.
>
> *What i want to achieve is --* match pattern should only work if the 
> request (referer) is a particular domain due to security reason. I  
> guess this will not allow any hacker to use client side code anywhere 
> else to use the functionality deployed on my server.
>
> *Scenario is *-- from home page (index.html) i am calling test.html 
> which contains index.html in referer. So i want test.html to only work 
> if referer comes from my own domain.
>
> Please let me know if i am not clear.
>
> Please suggest how can i achieve this.
>
> Regards
> Gaurav
> On Wednesday 30 March 2011 01:50 PM, florent andré wrote:
>> humm...
>>
>> your referer is on index.html
>>
>> and your match on test.html
>>
>> a mail typo or the trick ? :)
>>
>> ++
>>
>> On 03/30/2011 09:19 AM, Gaurav Kalia wrote:
>>> Hi Florent
>>>
>>> Yes referer is present in the request header, see below
>>>
>>> Referer|http://localhost:8888/pub/live/index.html|
>>>
>>> Below is the match type and pattern that i am using in a module:
>>>
>>> <map:match pattern="http://localhost:8888/pub/live/test.html"
>>> type="referer-match">
>>>
>>> and the matcher entry in the module sitemap
>>>
>>> <map:matchers>
>>> <map:matcher name="referer-match"
>>> src="org.apache.cocoon.matching.WildcardHeaderMatcher"
>>> logger="sitemap.matcher.referer-match">
>>> <header-name>referer</header-name>
>>> </map:matcher>
>>> </map:matchers>
>>>
>>> Please suggest.
>>>
>>> Regards
>>> Gaurav
>>>
>>> On Wednesday 30 March 2011 04:19 AM, florent andré wrote:
>>>> Hi Gaurav,
>>>>
>>>> May use this documentation
>>>> http://cocoon.apache.org/2.1/userdocs/core/wildcardheader-matcher.html
>>>> (but ok, it's the same for this page).
>>>>
>>>> 2 questions :
>>>> 1) are you sure that your request contain a referer field ?
>>>>
>>>> 2) can you send snipet of code for matcher component component
>>>> configuration and of your pipeline ?
>>>>
>>>> ++
>>>>
>>>> On 03/29/2011 01:03 PM, Gaurav Kalia wrote:
>>>>> Hi All
>>>>>
>>>>> I want to implement to the referer check for my match pattern. I 
>>>>> think
>>>>> there is something available in cocoon.
>>>>>
>>>>> Please see the link below:
>>>>>
>>>>> http://cocoon.apache.org/2.0/userdocs/matchers/wildcardheader-matcher.html 
>>>>>
>>>>>
>>>>>
>>>>> According to the documentation i have added the matcher entry in 
>>>>> sitemap
>>>>> and added *type="referer-match"* . But after adding this i am 
>>>>> getting an
>>>>> error "No pipeline match found" although it works fine without it.
>>>>>
>>>>> I also tried adding the hostname to the match pattern but no luck.
>>>>>
>>>>> Please suggest if i am missing something.
>>>>>
>>>>> TIA
>>>>>
>>>>> Regards
>>>>> Gaurav
>>>>>
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
>>>> For additional commands, e-mail: user-help@lenya.apache.org
>>>>


Re: Implementing Referer check - HTTP Header

Posted by Richard Frovarp <rf...@apache.org>.
On 03/30/2011 04:03 AM, Gaurav Kalia wrote:
>> May still allow an attacker to spoof the dns name - or are you using
>> an ip address?
>
> Yes, an attacker can spoof the DNS, but the match pattern will not allow the
> request to go through as it will check the referer with our own DNS.
>
> I guess the referer contains the DNS from which the request is coming, not
> the DNS on which the application is deployed.
>
> Please suggest if I am wrong.
>

Referrer is user provided data. It can be easily spoofed. You should not 
use the referrer for any sort of security.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org
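
An added example (not part of the thread, and not Cocoon code) for the two points above: the header matcher tests its pattern against the Referer value rather than the requested URI, and the Referer value is whatever the client sends. It assumes Python's `fnmatchcase` as a stand-in for Cocoon's wildcard syntax; the function names, session ids and secret are hypothetical, and the URLs are the ones quoted in the thread.

```python
import hashlib
import hmac
from fnmatch import fnmatchcase

# URLs quoted in the thread; everything else below is constructed for the demo.
REFERER_INDEX = "http://localhost:8888/pub/live/index.html"
PATTERN_TEST = "http://localhost:8888/pub/live/test.html"
PATTERN_INDEX = "http://localhost:8888/pub/live/index.html"
SERVER_SECRET = b"constructed-demo-secret"  # hypothetical; stays on the server


def referer_gate(headers, pattern):
    """Stand-in for a header matcher: the pattern is compared with the
    Referer header value, not with the URI being requested."""
    value = headers.get("referer")
    return value is not None and fnmatchcase(value, pattern)


def issue_token(session_id):
    """Server side: token bound to the session, handed out with index.html."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_gate(session_id, presented):
    """Server side: accept only a token derived from the server secret."""
    expected = issue_token(session_id).encode()
    return hmac.compare_digest(expected, (presented or "").encode())


def evaluate(request):
    """Return (referer decision, token decision) for one request."""
    return (
        referer_gate(request["headers"], PATTERN_INDEX),
        token_gate(request["session"], request.get("token")),
    )


# Constructed sample requests for test.html.
SAMPLE_REQUESTS = {
    # Browser following the link on index.html, carrying the issued token.
    "browser": {
        "headers": {"referer": REFERER_INDEX},
        "session": "s-1001",
        "token": issue_token("s-1001"),
    },
    # Any HTTP client can write the same header value; it has no token.
    "client_written_header": {
        "headers": {"referer": REFERER_INDEX},
        "session": "s-2002",
        "token": None,
    },
    # Legitimate user whose browser or proxy omits the Referer header.
    "referer_stripped": {
        "headers": {},
        "session": "s-1001",
        "token": issue_token("s-1001"),
    },
}


if __name__ == "__main__":
    # Pattern written for test.html never equals a Referer of index.html,
    # which is the "No pipeline match found" case from the thread.
    print("pattern=test.html :", referer_gate({"referer": REFERER_INDEX}, PATTERN_TEST))
    print("pattern=index.html:", referer_gate({"referer": REFERER_INDEX}, PATTERN_INDEX))
    for name, request in SAMPLE_REQUESTS.items():
        print(name, evaluate(request))
```
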


Re: Implementing Referer check - HTTP Header

Posted by Vik Tara <vi...@propco.co.uk>.
> Please suggest if i am wrong.

Seems like you are correct ;)

On 03/30/2011 10:03 AM, Gaurav Kalia wrote:
>> May still allow an attacker to spoof the dns name - or are you using 
>> an ip address?
>
> Yes attacker can spoof the DNS but match pattern with not allow the 
> request to go through as it will check the referer with our own DNS.
>
> I guess referer contains the DNS from which the request is coming not 
> the DNS on which application is deployed.
>
> Please suggest if i am wrong.
>
> Regards
> Gaurav
>
>
> On Wednesday 30 March 2011 02:22 PM, Vik Tara wrote:
>>> match pattern should only work if the request (referer) is a 
>>> particular domain due to security reason.
>> May still allow an attacker to spoof the dns name - or are you using 
>> an ip address?
>>
>> On 03/30/2011 09:28 AM, Gaurav Kalia wrote:
>>> I am not very much clear with the implementation.
>>>
>>> *What i want to achieve is --* match pattern should only work if the 
>>> request (referer) is a particular domain due to security reason. I  
>>> guess this will not allow any hacker to use client side code 
>>> anywhere else to use the functionality deployed on my server.
>>>
>>> *Scenario is *-- from home page (index.html) i am calling test.html 
>>> which contains index.html in referer. So i want test.html to only 
>>> work if referer comes from my own domain.
>>>
>>> Please let me know if i am not clear.
>>>
>>> Please suggest how can i achieve this.
>>>
>>> Regards
>>> Gaurav
>>> On Wednesday 30 March 2011 01:50 PM, florent andré wrote:
>>>> humm...
>>>>
>>>> your referer is on index.html
>>>>
>>>> and your match on test.html
>>>>
>>>> a mail typo or the trick ? :)
>>>>
>>>> ++
>>>>
>>>> On 03/30/2011 09:19 AM, Gaurav Kalia wrote:
>>>>> Hi Florent
>>>>>
>>>>> Yes referer is present in the request header, see below
>>>>>
>>>>> Referer|http://localhost:8888/pub/live/index.html|
>>>>>
>>>>> Below is the match type and pattern that i am using in a module:
>>>>>
>>>>> <map:match pattern="http://localhost:8888/pub/live/test.html"
>>>>> type="referer-match">
>>>>>
>>>>> and the matcher entry in the module sitemap
>>>>>
>>>>> <map:matchers>
>>>>> <map:matcher name="referer-match"
>>>>> src="org.apache.cocoon.matching.WildcardHeaderMatcher"
>>>>> logger="sitemap.matcher.referer-match">
>>>>> <header-name>referer</header-name>
>>>>> </map:matcher>
>>>>> </map:matchers>
>>>>>
>>>>> Please suggest.
>>>>>
>>>>> Regards
>>>>> Gaurav
>>>>>
>>>>> On Wednesday 30 March 2011 04:19 AM, florent andré wrote:
>>>>>> Hi Gaurav,
>>>>>>
>>>>>> May use this documentation
>>>>>> http://cocoon.apache.org/2.1/userdocs/core/wildcardheader-matcher.html 
>>>>>>
>>>>>> (but ok, it's the same for this page).
>>>>>>
>>>>>> 2 questions :
>>>>>> 1) are you sure that your request contain a referer field ?
>>>>>>
>>>>>> 2) can you send snipet of code for matcher component component
>>>>>> configuration and of your pipeline ?
>>>>>>
>>>>>> ++
>>>>>>
>>>>>> On 03/29/2011 01:03 PM, Gaurav Kalia wrote:
>>>>>>> Hi All
>>>>>>>
>>>>>>> I want to implement to the referer check for my match pattern. I 
>>>>>>> think
>>>>>>> there is something available in cocoon.
>>>>>>>
>>>>>>> Please see the link below:
>>>>>>>
>>>>>>> http://cocoon.apache.org/2.0/userdocs/matchers/wildcardheader-matcher.html 
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> According to the documentation i have added the matcher entry in 
>>>>>>> sitemap
>>>>>>> and added *type="referer-match"* . But after adding this i am 
>>>>>>> getting an
>>>>>>> error "No pipeline match found" although it works fine without it.
>>>>>>>
>>>>>>> I also tried adding the hostname to the match pattern but no luck.
>>>>>>>
>>>>>>> Please suggest if i am missing something.
>>>>>>>
>>>>>>> TIA
>>>>>>>
>>>>>>> Regards
>>>>>>> Gaurav
>>>>>>>


Re: Implementing Referer check - HTTP Header

Posted by Gaurav Kalia <ga...@techblue.co.uk>.
> May still allow an attacker to spoof the dns name - or are you using 
> an ip address?

Yes, an attacker can spoof the DNS, but the match pattern will not allow the 
request to go through as it will check the referer with our own DNS.

I guess the referer contains the DNS from which the request is coming, not 
the DNS on which the application is deployed.

Please suggest if I am wrong.

Regards
Gaurav


On Wednesday 30 March 2011 02:22 PM, Vik Tara wrote:
>> match pattern should only work if the request (referer) is a 
>> particular domain due to security reason.
> May still allow an attacker to spoof the dns name - or are you using 
> an ip address?
>
> On 03/30/2011 09:28 AM, Gaurav Kalia wrote:
>> I am not very much clear with the implementation.
>>
>> *What i want to achieve is --* match pattern should only work if the 
>> request (referer) is a particular domain due to security reason. I  
>> guess this will not allow any hacker to use client side code anywhere 
>> else to use the functionality deployed on my server.
>>
>> *Scenario is *-- from home page (index.html) i am calling test.html 
>> which contains index.html in referer. So i want test.html to only 
>> work if referer comes from my own domain.
>>
>> Please let me know if i am not clear.
>>
>> Please suggest how can i achieve this.
>>
>> Regards
>> Gaurav
>> On Wednesday 30 March 2011 01:50 PM, florent andré wrote:
>>> humm...
>>>
>>> your referer is on index.html
>>>
>>> and your match on test.html
>>>
>>> a mail typo or the trick ? :)
>>>
>>> ++
>>>
>>> On 03/30/2011 09:19 AM, Gaurav Kalia wrote:
>>>> Hi Florent
>>>>
>>>> Yes referer is present in the request header, see below
>>>>
>>>> Referer|http://localhost:8888/pub/live/index.html|
>>>>
>>>> Below is the match type and pattern that i am using in a module:
>>>>
>>>> <map:match pattern="http://localhost:8888/pub/live/test.html"
>>>> type="referer-match">
>>>>
>>>> and the matcher entry in the module sitemap
>>>>
>>>> <map:matchers>
>>>> <map:matcher name="referer-match"
>>>> src="org.apache.cocoon.matching.WildcardHeaderMatcher"
>>>> logger="sitemap.matcher.referer-match">
>>>> <header-name>referer</header-name>
>>>> </map:matcher>
>>>> </map:matchers>
>>>>
>>>> Please suggest.
>>>>
>>>> Regards
>>>> Gaurav
>>>>
>>>> On Wednesday 30 March 2011 04:19 AM, florent andré wrote:
>>>>> Hi Gaurav,
>>>>>
>>>>> May use this documentation
>>>>> http://cocoon.apache.org/2.1/userdocs/core/wildcardheader-matcher.html 
>>>>>
>>>>> (but ok, it's the same for this page).
>>>>>
>>>>> 2 questions :
>>>>> 1) are you sure that your request contain a referer field ?
>>>>>
>>>>> 2) can you send snipet of code for matcher component component
>>>>> configuration and of your pipeline ?
>>>>>
>>>>> ++
>>>>>
>>>>> On 03/29/2011 01:03 PM, Gaurav Kalia wrote:
>>>>>> Hi All
>>>>>>
>>>>>> I want to implement to the referer check for my match pattern. I 
>>>>>> think
>>>>>> there is something available in cocoon.
>>>>>>
>>>>>> Please see the link below:
>>>>>>
>>>>>> http://cocoon.apache.org/2.0/userdocs/matchers/wildcardheader-matcher.html 
>>>>>>
>>>>>>
>>>>>>
>>>>>> According to the documentation i have added the matcher entry in 
>>>>>> sitemap
>>>>>> and added *type="referer-match"* . But after adding this i am 
>>>>>> getting an
>>>>>> error "No pipeline match found" although it works fine without it.
>>>>>>
>>>>>> I also tried adding the hostname to the match pattern but no luck.
>>>>>>
>>>>>> Please suggest if i am missing something.
>>>>>>
>>>>>> TIA
>>>>>>
>>>>>> Regards
>>>>>> Gaurav
>>>>>>



Re: Implementing Referer check - HTTP Header

Posted by Vik Tara <vi...@propco.co.uk>.
>  match pattern should only work if the request (referer) is a 
> particular domain due to security reason.
May still allow an attacker to spoof the dns name - or are you using an 
ip address?

On 03/30/2011 09:28 AM, Gaurav Kalia wrote:
> I am not very much clear with the implementation.
>
> *What i want to achieve is --* match pattern should only work if the 
> request (referer) is a particular domain due to security reason. I  
> guess this will not allow any hacker to use client side code anywhere 
> else to use the functionality deployed on my server.
>
> *Scenario is *-- from home page (index.html) i am calling test.html 
> which contains index.html in referer. So i want test.html to only work 
> if referer comes from my own domain.
>
> Please let me know if i am not clear.
>
> Please suggest how can i achieve this.
>
> Regards
> Gaurav
> On Wednesday 30 March 2011 01:50 PM, florent andré wrote:
>> humm...
>>
>> your referer is on index.html
>>
>> and your match on test.html
>>
>> a mail typo or the trick ? :)
>>
>> ++
>>
>> On 03/30/2011 09:19 AM, Gaurav Kalia wrote:
>>> Hi Florent
>>>
>>> Yes referer is present in the request header, see below
>>>
>>> Referer|http://localhost:8888/pub/live/index.html|
>>>
>>> Below is the match type and pattern that i am using in a module:
>>>
>>> <map:match pattern="http://localhost:8888/pub/live/test.html"
>>> type="referer-match">
>>>
>>> and the matcher entry in the module sitemap
>>>
>>> <map:matchers>
>>> <map:matcher name="referer-match"
>>> src="org.apache.cocoon.matching.WildcardHeaderMatcher"
>>> logger="sitemap.matcher.referer-match">
>>> <header-name>referer</header-name>
>>> </map:matcher>
>>> </map:matchers>
>>>
>>> Please suggest.
>>>
>>> Regards
>>> Gaurav
>>>
>>> On Wednesday 30 March 2011 04:19 AM, florent andré wrote:
>>>> Hi Gaurav,
>>>>
>>>> May use this documentation
>>>> http://cocoon.apache.org/2.1/userdocs/core/wildcardheader-matcher.html
>>>> (but ok, it's the same for this page).
>>>>
>>>> 2 questions :
>>>> 1) are you sure that your request contain a referer field ?
>>>>
>>>> 2) can you send snipet of code for matcher component component
>>>> configuration and of your pipeline ?
>>>>
>>>> ++
>>>>
>>>> On 03/29/2011 01:03 PM, Gaurav Kalia wrote:
>>>>> Hi All
>>>>>
>>>>> I want to implement to the referer check for my match pattern. I 
>>>>> think
>>>>> there is something available in cocoon.
>>>>>
>>>>> Please see the link below:
>>>>>
>>>>> http://cocoon.apache.org/2.0/userdocs/matchers/wildcardheader-matcher.html 
>>>>>
>>>>>
>>>>>
>>>>> According to the documentation i have added the matcher entry in 
>>>>> sitemap
>>>>> and added *type="referer-match"* . But after adding this i am 
>>>>> getting an
>>>>> error "No pipeline match found" although it works fine without it.
>>>>>
>>>>> I also tried adding the hostname to the match pattern but no luck.
>>>>>
>>>>> Please suggest if i am missing something.
>>>>>
>>>>> TIA
>>>>>
>>>>> Regards
>>>>> Gaurav
>>>>>


Re: Implementing Referer check - HTTP Header

Posted by Gaurav Kalia <ga...@techblue.co.uk>.
I am not very much clear with the implementation.

*What I want to achieve is* -- the match pattern should only work if the 
request (referer) is a particular domain, due to security reasons. I 
guess this will not allow any hacker to use client-side code anywhere 
else to use the functionality deployed on my server.

*Scenario is* -- from the home page (index.html) I am calling test.html, 
which contains index.html in the referer. So I want test.html to only work 
if the referer comes from my own domain.

Please let me know if I am not clear.

Please suggest how I can achieve this.

Regards
Gaurav
On Wednesday 30 March 2011 01:50 PM, florent andré wrote:
> humm...
>
> your referer is on index.html
>
> and your match on test.html
>
> a mail typo or the trick ? :)
>
> ++
>





Re: Implementing Referer check - HTTP Header

Posted by florent andré <fl...@4sengines.com>.
humm...

your referer is on index.html

and your match on test.html

a mail typo or the trick ? :)

++

On 03/30/2011 09:19 AM, Gaurav Kalia wrote:
> Hi Florent
>
> Yes referer is present in the request header, see below
>
> Referer|http://localhost:8888/pub/live/index.html|
>
> Below is the match type and pattern that I am using in a module:
>
> <map:match pattern="http://localhost:8888/pub/live/test.html"
> type="referer-match">
>
> and the matcher entry in the module sitemap
>
> <map:matchers>
> <map:matcher name="referer-match"
> src="org.apache.cocoon.matching.WildcardHeaderMatcher"
> logger="sitemap.matcher.referer-match">
> <header-name>referer</header-name>
> </map:matcher>
> </map:matchers>
>
> Please suggest.
>
> Regards
> Gaurav
>

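The mismatch pointed out above, written out as a sitemap fragment (an added example, not code from the thread): a referer-match pattern is compared with the value of the Referer header, so it has to describe index.html, while the requested page test.html is selected by an ordinary URI match wrapped around it. The URI pattern test.html, the two content/*.xml sources and the 403 fallback are assumptions for illustration.

```xml
<!-- Added example; not the poster's sitemap. Assumed names: the URI pattern
     "test.html" and the sources content/test.xml, content/forbidden.xml. -->
<map:components>
  <map:matchers>
    <!-- Matcher declaration as posted in the thread -->
    <map:matcher name="referer-match"
                 src="org.apache.cocoon.matching.WildcardHeaderMatcher"
                 logger="sitemap.matcher.referer-match">
      <header-name>referer</header-name>
    </map:matcher>
  </map:matchers>
</map:components>

<map:pipelines>
  <map:pipeline>
    <!-- As posted: the referer matcher is given the URL of the requested page.
         The header holds .../index.html, so this never matches and the
         request falls through to "No pipeline match found":
    <map:match type="referer-match"
               pattern="http://localhost:8888/pub/live/test.html">
    -->

    <!-- Outer match: the sitemap's default (URI) matcher selects the page -->
    <map:match pattern="test.html">
      <!-- Inner match: compared with the Referer header value -->
      <map:match type="referer-match"
                 pattern="http://localhost:8888/pub/live/index.html">
        <map:generate src="content/test.xml"/>
        <map:serialize type="html"/>
      </map:match>

      <!-- Reached when the header is missing or different: answer with an
           explicit 403 page instead of leaving the request unmatched -->
      <map:generate src="content/forbidden.xml"/>
      <map:serialize type="html" status-code="403"/>
    </map:match>
  </map:pipeline>
</map:pipelines>
```

The Referer header is supplied by the client and is omitted by some browsers and proxies, so this gate controls which page links into test.html; it does not identify who is calling.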


Re: Implementing Referer check - HTTP Header

Posted by Gaurav Kalia <ga...@techblue.co.uk>.
Hi Florent

Yes, the referer is present in the request header, see below:

Referer|http://localhost:8888/pub/live/index.html|

Below is the match type and pattern that I am using in a module:

<map:match pattern="http://localhost:8888/pub/live/test.html"
           type="referer-match">

and the matcher entry in the module sitemap:

<map:matchers>
  <map:matcher name="referer-match"
               src="org.apache.cocoon.matching.WildcardHeaderMatcher"
               logger="sitemap.matcher.referer-match">
    <header-name>referer</header-name>
  </map:matcher>
</map:matchers>

Please suggest.

Regards
Gaurav

On Wednesday 30 March 2011 04:19 AM, florent andré wrote:
> Hi Gaurav,
>
> May use this documentation 
> http://cocoon.apache.org/2.1/userdocs/core/wildcardheader-matcher.html
> (but ok, it's the same for this page).
>
> 2 questions :
> 1) Are you sure that your request contains a referer field?
>
> 2) Can you send a snippet of code for the matcher component 
> configuration and of your pipeline?
>
> ++
>





Re: Implementing Referer check - HTTP Header

Posted by florent andré <fl...@4sengines.com>.
Hi Gaurav,

May use this documentation 
http://cocoon.apache.org/2.1/userdocs/core/wildcardheader-matcher.html
(but ok, it's the same for this page).

2 questions :
1) Are you sure that your request contains a referer field?

2) Can you send a snippet of code for the matcher component 
configuration and of your pipeline?

++

On 03/29/2011 01:03 PM, Gaurav Kalia wrote:
> Hi All
>
> I want to implement the referer check for my match pattern. I think
> there is something available in Cocoon.
>
> Please see the link below:
>
> http://cocoon.apache.org/2.0/userdocs/matchers/wildcardheader-matcher.html
>
> According to the documentation I have added the matcher entry in the sitemap
> and added *type="referer-match"*. But after adding this I am getting an
> error "No pipeline match found" although it works fine without it.
>
> I also tried adding the hostname to the match pattern but no luck.
>
> Please suggest if I am missing something.
>
> TIA
>
> Regards
> Gaurav
>
