I haven't come across this before, but there is some code from Matt Wright's FormMail script that might help.
First, you would need to add a line to your .cfg file that listed your domain --
Code:
# @referers allows forms to be located only on servers which are defined #
# in this field. This security fix from the last version which allowed #
# anyone on any server to use your FormMail script on their web site. #
@referers = ('www.server.com');
If you have more than one possibility, separate the possibilities with commas:
Code:
@referers = ('www.server.com','server.com');
In db.cgi, after the line that starts with
if ($@) { &cgierr ("Error loading required libraries.
add
&check_url;
Somewhere in db.cgi (anywhere, as long as it's not within another subroutine) add the following:
Code:
sub check_url {
    # Localize the check_referer flag which determines if user is valid. #
    local($check_referer) = 0;
    local($host, $shown);

    # If a referring URL was specified, for each valid referer, make sure #
    # that a valid referring URL was passed to FormMail. #
    if ($ENV{'HTTP_REFERER'}) {
        foreach $referer (@referers) {
            if ($ENV{'HTTP_REFERER'} =~ m|https?://([^/]*)$referer|i) {
                $check_referer = 1;
                last;
            }
        }
    }
    else {
        # No Referer header was sent at all: the request is let through. #
        $check_referer = 1;
    }

    # If the HTTP_REFERER was invalid, send back an error. #
    if ($check_referer != 1) {
        # Send the CGI header and its blank line before any HTML. #
        print "Content-type: text/html\n\n";

        # HTML-escape the client-supplied referer before echoing it. #
        $shown = $ENV{'HTTP_REFERER'};
        $shown =~ s/&/&amp;/g;
        $shown =~ s/</&lt;/g;
        $shown =~ s/>/&gt;/g;
        $shown =~ s/"/&quot;/g;

        if ($ENV{'HTTP_REFERER'} =~ m|^https?://([\w\.]+)|i) {
            $host = $1;
            print qq|
<html>
<head>
<title>Bad Referrer - Access Denied</title>
</head>
<body bgcolor=#FFFFFF text=#000000>
<center>
<table border=0 width=600 bgcolor=#9C9C9C>
<tr><th><font size=+2>Bad Referrer - Access Denied</font></th></tr>
</table>
<table border=0 width=600 bgcolor=#CFCFCF>
<tr><td>The form attempting to use DBMan resides at <tt>$shown</tt>,
which is not allowed to access this cgi script.<p>
If you are attempting to configure DBMan to run with this form, you need
to add the following to \@referers, in your .cfg file.<p>
Add <tt>'$host'</tt> to your <tt><b>\@referers</b></tt> array.<hr size=1>
</td></tr>
</table>
</center>
</body>
</html>
|;
        }
        else {
            print qq|
<html>
<head>
<title>Bad Referrer - Access Denied</title>
</head>
<body bgcolor=#FFFFFF text=#000000>
<center>
<table border=0 width=600 bgcolor=#9C9C9C>
<tr><th><font size=+2>Bad Referrer - Access Denied</font></th></tr>
</table>
<table border=0 width=600 bgcolor=#CFCFCF>
<tr><td>The site you came from is not allowed to access DBMan
<hr size=1>
</td></tr>
</table>
</center>
</body>
</html>
|;
        }
        # Stop only when the referer was rejected; valid requests return to db.cgi. #
        exit;
    }
}
I know this works in FormMail and I haven't made many changes to it, but I can't be sure it will work in DBMan. I did test it for syntax errors, but that's all I can promise.
Give it a shot!
------------------
JPD
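
An added example, not part of the original post or of FormMail/DBMan: the pattern in check_url is unanchored and interpolates each @referers entry as a regex, so it accepts any URL that merely contains an allowed name. The sketch below runs that match beside a stricter exact-host comparison; referer_loose, referer_strict and the sample URLs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Same allow-list as the .cfg example in the post.
my @referers = ('www.server.com', 'server.com');

# The match used in check_url above: unanchored, and the dots in the
# allowed name act as regex wildcards.
sub referer_loose {
    my ($url) = @_;
    foreach my $referer (@referers) {
        return 1 if $url =~ m|https?://([^/]*)$referer|i;
    }
    return 0;
}

# Stricter variant (an assumption of this example, not FormMail's code):
# extract the host part of the URL and compare it to each allowed name exactly.
sub referer_strict {
    my ($url) = @_;
    return 0 unless $url =~ m{^https?://([^/:?#]+)(?::\d+)?(?:[/?#].*)?\z}i;
    my $host = lc $1;
    foreach my $referer (@referers) {
        return 1 if $host eq lc $referer;
    }
    return 0;
}

# Constructed sample Referer values (example.net is a placeholder domain).
my @samples = (
    'http://www.server.com/form.html',
    'https://server.com/',
    'http://www.server.com.example.net/form.html',
    'http://notserver.com/form.html',
    'http://example.net/page?next=http://server.com/',
);

printf "%-50s %-6s %s\n", 'Referer', 'loose', 'strict';
foreach my $url (@samples) {
    printf "%-50s %-6s %s\n", $url,
        referer_loose($url)  ? 'allow' : 'deny',
        referer_strict($url) ? 'allow' : 'deny';
}
```

The first two samples are allowed by both checks; the last three are allowed only by the loose pattern. Either check constrains only clients that send an accurate Referer header, and check_url still lets a request with no header through.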