Talk:Referer spoofing

From Wikipedia, the free encyclopedia
Jump to: navigation, search

Solution[edit]

Since this is a computer security attack, I would think that it would be ethical to address a solution to this attack.

There is no way to get authentic referer information. Superm401 - Talk 18:07, 19 January 2007 (UTC)
Perhaps not, but there are still some things that can be done. For example, I disallow GET and HEAD requests where the request and referrer fields are the same - which logically should never happen as pages that refer to themselves do not cause browsers to (re-)fetch them upon clicking on such links. However, certain malicious spiders do present such bogus requests. I also check for off-server hotlinking. 71.106.211.51 (talk) 02:55, 5 October 2011 (UTC)

External links[edit]

Someone needs to check those links.

I'm uneasy about this; Wikipedia shouldn't be seen as abetting fraud. Rhinoracer 15:03, 28 September 2007 (UTC)
I wouldn't think of it as abetting fraud, since there are many legitimate reasons why people can use spoofers. Regardless, I'd think the links are advertising, so have removed them for the time being. —Preceding unsigned comment added by 82.36.229.11 (talk) 18:57, 12 November 2007 (UTC)

Cross-site request forgery[edit]

Currently this page is concerned with clients who intentionally spoof their own referrer. It should also discuss how and when an attacker performing cross-site request forgery can cause the victim to misrepresent their referrer (in order to circumvent referrer-based CSRF countermeasures), and how users can ensure that this isn't possible. —Saric (Talk) 16:04, 13 January 2012 (UTC)

Reverted move[edit]

See Talk:HTTP_referer#Reverted_move. Superm401 - Talk 01:36, 23 March 2012 (UTC)