I have pages in html and cgi.

Since I want to use add.cgi only from html pages, I made this.
But this does not work. Please someone guide me to correct this.


if ($ENV{HTTP_REFERER} =~ /^\/cgi-bin/i)
{
print "Location: /error.html\n\n";
exit;
}
else
{
.......


ex.
/public_html/home.html should be ok, but /cgi-bin/home.cgi needs to go to error.html, but it does not work. instead of going to error.html, it goes through the add.cgi.

The add page is dynamic, created only when called, and is not static. You could copy the add.cgi form as a static page, but when the addition is submitted, it will still go through add.cgi.

Maybe I misunderstand what you're trying to do...

Plus, I think this needs to be a class:

/[^\/cgi-bin]/i)


Leonard
aka PerlFlunkie

Thank you for the reply, but I get an error with [].
Maybe I should make the question simple.

Ex. That's what I want to do
When the referer is domain.com/any.html, domain.com/sub/any.html, etc, it should go to ok.html
But the referer is domain.com/cgi-bin/any.cgi, domain.com/cgi-bin/sub/any.cgi, etc, it should go to error.html

if ($ENV{HTTP_REFERER} =~ /^\/cgi-bin/i)
{
print "Location: /error.html\n\n";
exit;
}
else
{
print "Location: /ok.html\n\n";
exit;
}

Now, the referer is domain/cgi-bin/any.cgi => go to ok.html
I would like to make people go to error.html if the add.cgi was called from another CGI page.
Also, I tried if ($ENV{HTTP_REFERER} =~ /^domain.com\/cgi-bin/i)

I hope this is more clear.

Part of the problem is that this

$ENV{HTTP_REFERER}

is not very functional, since most firewalls block that info. Example, when I go to W3C to verify a page, it will not work, because the referer is blocked.

Adding a hidden input to your form, then requiring it in the script, would be the way to go.

Just what is the problem? Why do you not want links from the cgi-bin? If a person is on the search page, you don't want them to be able to go to the add page? Or is there a spam problem?


Leonard
aka PerlFlunkie

Thank you for the help.
I checked $ENV{HTTP_REFERER}, and it displays correctly.

Since it is hard, I changed the function.
Now, I need a help with this.
Please tell me what is wrong.
I tried to restrict an access only from the URLs specified in the good.list
But it does not work. Access from non listed URLs still goes to add.cgi instead
of error.html

open(FILEHANDLE,"<good.list");
while($line = <FILEHANDLE>)
{
$line =~ s/\n//g;
$referer = $ENV{HTTP_REFERER};

if ($referer = $line)
{
close FILEHANDLE;
print "Location: http://www.domain.com/cgi-bin/add.cgi\n\n";
exit;
}
else
{
print "Location: http://www.domain.com/error.html\n\n";
}}

good.list file look like below.

http://www.domain.com/good.html
http://www.domain.com/good/good.html
http://www.domain.com/good2/good.html
...

Thank you in advance.