Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] detect fake HTTP referrer




Note that the W3C explicitly advocates deeplinking.  See the wikipedia
article for references:

http://en.wikipedia.org/wiki/Deep_linking

Deep-linking, in that context, refers to linking to a whole page. I don't mind someone deep-linking to my site. The pages are all standalone and they are all clearly marked as having been written by me. It would be tough for someone else to pass off a deep-link as something of their own.


That very wikipedia page, though, also says:

  "Some of those who find no fault with deep linking do find fault with
   inline linking, the act of using media from another website directly
   within one's own website. It causes browsers to request the media
   directly from the original web server, using the creator's network
   bandwidth without any benefit to them."

Images (and, I'm assuming, zip files) are not web pages. They don't always have the same identifying information as a web site. Moreover, they tend to be bulkier than HTML pages. I don't imagine W3C had <img> tags in mind when they advocated deep-linking.

On the original question... one web master [1] has an interesting solution. I actually did this once. A CGI script would send an annoying graphic in response to any requests that came in with a referer other than mine. That won't prevent spoofing but it thwarts clueless web authors ;-).

[1] http://www.deuceofclubs.com/switcheroo/

---
Joseph L (Joe) Larabell            Never fight with a dragon
http://larabell.org                     for thou art crunchy
                                  and goest well with cheese.


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links