Consider filtering http referrer headers #1

Open
dergachev opened this issue May 7, 2013 · 2 comments

@dergachev
Owner

Potentially, all valid ajax-solr requests will include a site-specific referrer; e.g. http://dl-web.dropbox.com/u/29440342/screenshots/JOCFWY-2013.5.7-12.29.png

@ivanistheone suggested potentially blocking all requests without a valid referrer.

This would prevent other websites from "hotlinking" our solr... unless they're running their own solr proxy.

@frank-dspeed

You can write your referer check externally as a Node.js module or something else, and then if the referer is valid, proxy to the proxy, else give denied. I think this can be closed.

@frank-dspeed

Oh sorry, and one extra piece of information for you, only because you maybe don't know it.

The client sends the headers like referer, so this can be manipulated on the user side. I do this really often to do cross-site hijacking. For example, simply use curl with some params that put in a referer; you will be surprised 💃
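
An added example, not part of the thread or the project's code: one way to write the external referer check discussed above as a Connect-style gate in front of the proxy. `ALLOWED_HOSTS`, the host `search.example.org` and all function names are assumptions. As the last comment points out, the header is client-supplied, so this only limits browser hotlinking and is not authentication.

```javascript
// Added example: Referer allowlist gate for a Node.js Solr proxy.
// ALLOWED_HOSTS and the function names are hypothetical, not from the project.
const ALLOWED_HOSTS = new Set(['search.example.org']); // constructed value

// Return the lowercase host of a Referer value, or null if absent/malformed.
function refererHost(value) {
  if (typeof value !== 'string' || value.length === 0) return null;
  try {
    const u = new URL(value);
    if (u.protocol !== 'http:' && u.protocol !== 'https:') return null;
    return u.hostname.toLowerCase();
  } catch (err) {
    return null; // not an absolute URL
  }
}

// Decide on the parsed host, never on a substring or prefix match.
function checkReferer(headers, allowed = ALLOWED_HOSTS) {
  const host = refererHost(headers['referer']);
  if (host === null) return { allow: false, reason: 'missing-or-invalid' };
  if (!allowed.has(host)) return { allow: false, reason: 'host-not-allowed' };
  return { allow: true, reason: 'ok' };
}

// Connect-style middleware: answer 403 or hand over to the proxy handler.
function refererGate(allowed = ALLOWED_HOSTS) {
  return function (req, res, next) {
    const verdict = checkReferer(req.headers, allowed);
    if (verdict.allow) return next();
    res.statusCode = 403;
    res.end('Forbidden: ' + verdict.reason);
  };
}

// Constructed sample headers (Node lowercases incoming header names).
const samples = [
  { referer: 'https://search.example.org/catalog?q=a' }, // site page
  {},                                                     // header absent
  { referer: 'https://search.example.org.other.test/' },  // lookalike suffix
  { referer: 'https://search.example.org@other.test/' },  // host is other.test
  { referer: 'search.example.org' },                      // not a URL
];
for (const h of samples) {
  console.log(JSON.stringify(h), '->', checkReferer(h).reason);
}
```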
