Site Post Check
Posted: 2002-06-01
By: ArchiveBot
Viewed: 64
Filed Under:
No attachments for this post
Checks the HTTP Referer header to ensure people are not posting from other websites. You can include this file if you use templates on your website, or just include it on the pages that receive form data posts.
Warning - someone who knows there stuff can get around this by modifying there HOST file. this isn't 100% fool proof, but it may deter most from posting data from other websites.
Original Author: Lewis E. Moten III
Code
<%
Call SitePostCheck()
Sub SitePostCheck()
Dim lblnPost ' user posted data to page?
Dim lstrReferer ' page user is comming from
Dim lstrHost ' server user is on
lblnPost = Request.ServerVariables("REQUEST_METHOD") = "POST"
' if data wasn't posted, everythign is ok
If Not lblnPost Then Exit Sub
lstrReferer = Request.ServerVariables("HTTP_REFERER")
lstrHost = Request.ServerVariables("HTTP_HOST")
' If user is posting from antoher website
If InStr(1, lstrReferer, "//" & lstrHost & "/", vbTextCompare) = 0 Then
%>
Security Alert
The security of this web site does not allow you to post
data from other websites.
<%
Response.End
End If
End Sub
%>
Comments on this post
No comments have been added for this post.
You must be logged in to make a comment.