http_referer in sp2

Toggle sidebar Toggle sidebar
G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.basics (More info?)

I have the impression that browsers running on windows xp sp2 no longer send
the header that is used by IIS for the http_referer variable. I was looking
into the list of security changes for sp2 and can't find anything related to
this.
Is this an intended security measure or a side-effect? In any case is there
anything that can be done on the client side (change something in advanced
settings or security) so that the browser can send this again (preferrably
to specified websites only)

Koen.
 
V

vanguard

Distinguished
Aug 9, 2004
254
0
18,780
Archived from groups: microsoft.public.windowsxp.basics (More info?)

"Koen" <kp@remove-this.bvdep.com> wrote in message
news:%23tg91X89EHA.3616@TK2MSFTNGP11.phx.gbl...
>I have the impression that browsers running on windows xp sp2 no longer
>send the header that is used by IIS for the http_referer variable. I
>was looking into the list of security changes for sp2 and can't find
>anything related to this.
> Is this an intended security measure or a side-effect? In any case is
> there anything that can be done on the client side (change something
> in advanced settings or security) so that the browser can send this
> again (preferrably to specified websites only)
>
> Koen.
>


More likely is that your firewall or some content filtering proxy is
stripping out the Referrer header from your outbound HTTP traffic. For
example, Norton's firewall would block Referrer by default but you could
add a web rule to allow it for certain [host.]domains.

SP-2 did not change the browser from including Referrer so a page can
see from whence you hail (i.e., where you came from). Run the test at
PCFlank.com to see if Referrer is reported by your browser and setup. I
used to use Norton's firewall which blocked Referrer by default so it
passed their test, but I've switched to the freebie version of Sygate
Personal Firewall (which does not include the stealth browsing feature
of their Pro version) and Referrer does get reported. Personally I'm
not scared of a site knowing how I got to it. Banks and several sites
will use Referrer to make sure you get to one of their pages only from
one of their other pages or from an authorized other-domain that has a
link to their page. I had to keep adding web exceptions to allow
Referrer to lots of legitimate sites that I visited.

--
_________________________________________________________________
Post your replies to the newsgroup. Share with others.
E-mail: vanguard_help AT yahoo.com (append "#NEWS#" to Subject)
_________________________________________________________________
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom