The Cache: Technology Expert's Forum
 
*
Welcome, Guest. Please login or register. September 16, 2019, 09:29:55 PM

Login with username, password and session length


Pages: [1]
  Print  
Author Topic: Failing to parse the referer  (Read 7596 times)
Docthorn
Rookie
**
Offline Offline

Posts: 10


View Profile
« on: May 07, 2007, 08:35:27 AM »

Ok so I got a PHP referer cloaking script but it is failing to parse the referer after a javascript redirect.

The cloaking script:

Code:
<?php

$match 
false;
$sites = array("website.com""website.biz");

if(
strlen($_SERVER['HTTP_REFERER']))
{
    
$referer parse_url($_SERVER['HTTP_REFERER']);
           
    
$referer['host'] = str_replace("www."""strtolower($referer['host']));

    
$match in_array($referer['host'], $sites);
}


if(
$match)
{

?>


<html>

<head>
<title>Page 1</title>
</head>

<body>
CLOAKED
</body>

</html>

<?php

}
else
{

?>


<html>

<head>
<title>Page 2</title>
</head>

<body>
UNCLOAKED
</body>

</html>

<?php

}

?>



The visitor journey:

general site -> middle page with javascript redirect (on the domain that should be cloaked) -> site with cloaking script

(general.com -> website.com -> othersite.com/cloakingscript.php)

The problem is, the cloaking script is failing to parse the referer when the visitor gets redirected from website.com and he lands on the page for uncloaked visitors (and that's not good - not at all).

It doesn't work with other types of redirects either.

What could be a possible solution/s?

Thanks in advance,
Doc


ADDED: not sure if it is the correct section, if not please move it to the right place, my apologies.
« Last Edit: May 07, 2007, 08:41:59 AM by Docthorn » Logged

No links in signatures please
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #1 on: May 07, 2007, 08:50:46 AM »

Hey Doc -

First off, I think you should do a print_r($_SERVER) and post the dump so we can see it (munge identifying info) - then I'd do a print_r($referrer) so that we can see what the parse_url function is doing. The logic of this little script assumes a lot about the inbound info - after you get that posted lets look at how to make this more robust.

/p
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
Docthorn
Rookie
**
Offline Offline

Posts: 10


View Profile
« Reply #2 on: May 07, 2007, 11:26:41 AM »

Thank you perkiset.

print_r($_SERVER):

Code:
Array ( [PATH] => /usr/local/bin:/usr/bin:/bin [DOCUMENT_ROOT] => /home/USERNAME/public_html/DOMAINNAME [HTTP_ACCEPT] => text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 [HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.7 [HTTP_ACCEPT_ENCODING] => gzip,deflate [HTTP_ACCEPT_LANGUAGE] => it-it,it;q=0.8,en-us;q=0.5,en;q=0.3 [HTTP_CONNECTION] => keep-alive [HTTP_COOKIE] => __utma=208964695.642870232.1178401496.1178460040.1178461147.7; __utmz=208964695.1178460040.6.5.utmccn=(organic)|utmcsr=google|utmctr=www.DOMAINNAME.com|utmcmd=organic [HTTP_HOST] => www.DOMAINNAME.com [HTTP_KEEP_ALIVE] => 300 [HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11 [REMOTE_ADDR] => 80.104.152.57 [REMOTE_PORT] => 2753 [SCRIPT_FILENAME] => /home/USERNAME/public_html/DOMAINNAME/magic/index.php [SERVER_ADDR] => 74.220.202.16 [SERVER_ADMIN] => webmaster@DOMAINNAME.USERNAME.com [SERVER_NAME] => www.DOMAINNAME.com [SERVER_PORT] => 80 [SERVER_SOFTWARE] => Apache/1.3.37 (Unix) mod_fastcgi/2.4.2 mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a PHP-CGI/0.1b [GATEWAY_INTERFACE] => CGI/1.1 [SERVER_PROTOCOL] => HTTP/1.1 [REQUEST_METHOD] => GET [QUERY_STRING] => [REQUEST_URI] => /magic/index.php [SCRIPT_NAME] => /magic/index.php [PHP_SELF] => /magic/index.php [argv] => Array ( ) [argc] => 0 )

(I replaced real domain name and username with DOMAINNAME and USERNAME)

The print_r($referrer) outputs a blank page.
Logged

No links in signatures please
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #3 on: May 07, 2007, 01:37:55 PM »

Here is a re-formatted version of the $_SERVER array:

Code:
Array (
[PATH] => /usr/local/bin:/usr/bin:/bin
[DOCUMENT_ROOT] => /home/USERNAME/public_html/DOMAINNAME
[HTTP_ACCEPT] => text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
[HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.7
[HTTP_ACCEPT_ENCODING] => gzip,deflate
[HTTP_ACCEPT_LANGUAGE] => it-it,it;q=0.8,en-us;q=0.5,en;q=0.3
[HTTP_CONNECTION] => keep-alive
[HTTP_COOKIE] => __utma=208964695.642870232.1178401496.1178460040.1178461147.7; __utmz=208964695.1178460040.6.5.utmccn=(organic)|utmcsr=google|utmctr=www.DOMAINNAME.com|utmcmd=organic
[HTTP_HOST] => www.DOMAINNAME.com
[HTTP_KEEP_ALIVE] => 300
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.0.11) Gecko/20070312 Firefox/1.5.0.11
[REMOTE_ADDR] => 80.104.152.57 [REMOTE_PORT] => 2753
[SCRIPT_FILENAME] => /home/USERNAME/public_html/DOMAINNAME/magic/index.php
[SERVER_ADDR] => 74.220.202.16
[SERVER_ADMIN] => webmaster@DOMAINNAME.USERNAME.com
[SERVER_NAME] => www.DOMAINNAME.com
[SERVER_PORT] => 80
[SERVER_SOFTWARE] => Apache/1.3.37 (Unix) mod_fastcgi/2.4.2 mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/5.0.2.2635.SR1.2 mod_ssl/2.8.28 OpenSSL/0.9.7a PHP-CGI/0.1b
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /magic/index.php
[SCRIPT_NAME] => /magic/index.php
[PHP_SELF] => /magic/index.php [argv] => Array ( )
[argc] => 0
)

... and that explains why your referrer is blank... there isn't one in the $_SERVER array ergo, no parseableness. The PHP dox say,
Quote
'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

... so it's a bit sketchy, as here. My question - how did you get this info? Was it logged from an actual user or did you gin it up? My suggestion would be to go to Google and click through to your site and see what you get.

Sorry no help yet,
/p
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
thedarkness
Lifer
*****
Offline Offline

Posts: 585



View Profile
« Reply #4 on: May 07, 2007, 03:04:04 PM »

Yeah, strange, I've already been talking to Doc about this and it appeared to me like the referrer wasn't there. Apparently this is happening with multiple clients. Weirdness.........

Cheers,
td
Logged

"I want to be the guy my dog thinks I am."
 - Unknown
Pages: [1]
  Print  
 
Jump to:  

Perkiset's Place Home   Best of The Cache   phpMyIDE: MySQL Stored Procedures, Functions & Triggers
Politics @ Perkiset's   Pinkhat's Perspective   
cache
mart
coder
programmers
ajax
php
javascript
Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks


Valid XHTML 1.0! Valid CSS!