Countermeasure for Spoofing Referring URL

treespace Oct 3, 2005 2:26 PM

Anybody know a means of detecting a spoofed referer (sic) in the HTTP header? I would like to ensure that all access to pages to our site after the login page originate from our site.

1. Re: Countermeasure for Spoofing Referring URL

seanmceligot Oct 7, 2005 4:20 PM (in response to treespace)

This is not possible. This information is passed by the client (usually) through the browser. It is a simple matter for the client to lie. You probably want to to look at JBoss security.

http://docs.jboss.org/jbossas/jboss4guide/r4/html/ch8.chapter.html
Actions