can I change referrer ?

Discussion in 'SW Helpdesk' started by FriendOfGhost, Mar 19, 2014.

  1. FriendOfGhost

    FriendOfGhost Registered User

    Joined:
    Jan 15, 2009
    Messages:
    802
    Likes Received:
    4,439
    hi friends... I have a HUGE problem about that. I nee to change referrer in this structure. First site will post data so second site and second site cannot check referrer value.

    first page on FIRSTSITE.COM/test.php

    Code:
    <html>
    <head>
        <title></title>
    </head>
    <body>
        <form action="http://www.SECONDSITE.com/testreferrer.php" method="post">
            value: <input name="field1" type="text" />
            <br />
            <br />
            <input id="submit" type="submit" value="submit" />
        </form>
    </body>
    </html>
    
    second page whick checks the referrer on www.SECONDSITE.com/testreferrer.php

    Code:
    <html>
    <body>
    <form action=" method="post">
        <br>
           Your value is: <?php echo $_POST["field1"]; ?>
        <br>
          referrer:
        <?php echo $_SERVER['HTTP_REFERER']; ?>
        <br>
    </form>
    </body>
    </html> 
    
    normally testreferrer.php shows http//www.FIRSTSITE.COM/test.php as referrer value.

    I want to change it http://www.somesite.com/test.php

    I googled and found out some says "its impossible" as browser sends referrer value but some others claims they change it. Though I tried almost every code piece I found I could not make it run. my servers are linux and I think there should be a way to achieve this.

    any ideas please ?
     
  2. gj

    gjutras Registered User

    Joined:
    Jul 14, 2010
    Messages:
    5
    Likes Received:
    1
    When and at what point are you trying to change it? And client side or from server 1 as part of it's request handling? You could achieve this client side with a custom app, or a plugin or extension. But purely from script called by a page, I don't think you'll be able to override the browser behavior client side.
     
    Last edited: Dec 29, 2016
  3. FriendOfGhost

    FriendOfGhost Registered User

    Joined:
    Jan 15, 2009
    Messages:
    802
    Likes Received:
    4,439
    I want some expert/experienced opinions if it can be done because I have web services that check REFERRER value to obtain security. I wanted to know if it can be done or "cheated".

    So If someone calls SECONDSITE by not using browser but creating a request by programming or they use some addons like said then they can change REFERRER is that correct ? As far as I know they can also cheat IP number.

    Then how will I secure my service so it can be used by only one domain ? I have username/password etc but they are known by many people (customer himself, programmer, third party programmer etc...)

    I need some solid variable to identify domain name which request has made. I need to be sure that SECONDSITE page is called from FIRSTSITE not some other site.
     
  4. Cl

    Cleric Registered User

    Joined:
    Dec 20, 2016
    Messages:
    5
    Likes Received:
    5

Share This Page