Here is my problem :
i want to block anybody who try to run FORM from their own pc, and pass the value back to the script on the server.
i've managed to block POST statement by using :
$webdir = www.myweb.com;
$rm = $query->request_method();
$rr = $query->referer();
if ((uc($rm) eq 'POST') and ($rr !~ /$webdir/i)) {
&error("Post Hack","You are trying to run the module from outside");}
the code above will block anyone who try to submit a form locally. but it ONLY block form with method=POST. I can successfully block method=GET, BUT (here is the trickiest part), some of my codes print html <meta http-equiv=refresh content"0;/cgi/scripts.cgi"> code, and guess what? yup, meta refresh use GET to cal scripts.cgi and does'nt have any referer()! (btw, scripts.cgi will check for request_method() and referer() before it can continue).
how can i block POST and GET from being submit locally and not from server?
thanx for ur time.
i want to block anybody who try to run FORM from their own pc, and pass the value back to the script on the server.
i've managed to block POST statement by using :
Code:
use CGI; $webdir = www.myweb.com;
$rm = $query->request_method();
$rr = $query->referer();
if ((uc($rm) eq 'POST') and ($rr !~ /$webdir/i)) {
&error("Post Hack","You are trying to run the module from outside");}
the code above will block anyone who try to submit a form locally. but it ONLY block form with method=POST. I can successfully block method=GET, BUT (here is the trickiest part), some of my codes print html <meta http-equiv=refresh content"0;/cgi/scripts.cgi"> code, and guess what? yup, meta refresh use GET to cal scripts.cgi and does'nt have any referer()! (btw, scripts.cgi will check for request_method() and referer() before it can continue).
how can i block POST and GET from being submit locally and not from server?
thanx for ur time.