Help with ngx_http_referer_module

Hi,

I am reading up on http referer module but I am not understanding the syntax. Here is the example from the nginx docs :

valid_referers none blocked server_names
               *.example.com example.* www.example.org/galleries/
               ~\.google\.;

if ($invalid_referer) {
    return 403;
}

From what I am understanding, the url defined after server_names are the valid url and if the http referrer field has any other value it will set $invalid_referer as 1 and return a 403 error.

I also don't understand the things specified before the server_names part.

Any help regarding this will be appreciated.

👍 3
📰 r/nginx
👤 u/Aritra_1997
📅 Apr 29 2021

Pass HTTP REFERER

Hi,

I would like to pass the HTTP_REFERER as a header, the application sits behind a proxy which also uses nginx.

I was thinking setting :

proxy_set_header Referer $http_referer;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

will make this work.

Any help will be appreciated.

UPDATE: Managed to solve it myself.

👍 3
📰 r/nginx
👤 u/Aritra_1997
📅 Apr 30 2021

Creating an Authorizer Function that authenticates off the Origin and Referer HTTP Header

Is it possible for requests to the API-Gateway to pass the referrer URL to Lambda?

For example, I'd love to let my lambda functions know if a request comes from the domain "good.com" vs. "bad.com".

What is the best way to see the list of data points that I can use to authenticate against in the request header? And how can I properly implement this - I read about authorizers, but not sure if this is the best approach.

👍 2
📰 r/aws
👤 u/Mmetr
📅 Oct 21 2020

It turns out that a lot of NPM traffic sends the referer as "install" which is invalid according to the HTTP specification github.com/npm/cli/issues…
👍 231
👤 u/tomwhoiscontrary
📅 Feb 17 2020

TIL the HTTP field name "Referer" is misspelled and it was not intentional. By the time they realized it was incorrect, too many people were using it. stackoverflow.com/questio…
👍 37
📰 r/todayilearned
👤 u/N_N_N_N_N_N_N
📅 Oct 17 2019

Bad HTTP_REFERER on Arch Linux Forum

When I try to view the preview of my post, or try to submit it, the Arch Linux Forum gives me this error:

Bad HTTP_REFERER. You were referred to this page from an unauthorized source. If the problem persists please make sure that 'Base URL' is correctly set in Admin/Options and that you are visiting the forum by navigating to that URL. More information regarding the referrer check can be found in the FluxBB documentation.

Is there some configuration error on the forum or is there something I should check with my browser?

👍 6
📰 r/archlinux
👤 u/TheCakeWasNoLie
📅 Jul 30 2019

Embedded Youtube gives "Video unavailable" when http referer is disabled

I wanted to share my findings why Youtube player gives "Video unavailable" error when embedded on other site.

It was because I had set network.http.sendRefererHeader to 0, that is sending referer in http header was disabled. Youtube doesn't work when it can't spy on you?!

If you don't know, referer in http header gets sent by default every time. For example, when you open youtube.com from reddit.com, or open embedded Youtube player inside reddit.com, reddit.com gets sent to Youtube as referer.

IMHO this is unacceptable, luckily there is Smart Referer extension (and a few similar), which can change referer to something else, when domains are different. I changed its "Rewrite Mode" to always use "http://google.com".

👍 4
📰 r/firefox
👤 u/hemenex
📅 May 09 2019

Help - network.http.referer.defaultPolicy.pbmode switch/addon?

I've tried a few referrer addons but none work/provide a simple switch to make pbmode referrer behave as regular browsing mode to fix broken sites.

I'm un-educationally guessing they do affect "network.http.referer.defaultPolicy" but not "same.pbmode".

Can someone recommend any way to make this work for broken pages without going into about:config every time?
PS: I prefer not to have a whitelist for referrers, or having pbmode setting same as regular since it defeats its very purpose of being that way in pbmode.

👍 4
📰 r/firefox
👤 u/dvamg
📅 Aug 04 2019

An HTTP_REFERER was detected other than what is defined

I'm trying to set up pfSense in a VM, but I'm getting this error:

An HTTP_REFERER was detected other than what is defined in System -> Advanced (http://172.16.0.1/). If not needed, this check can be disabled in System -> Advanced -> Admin.

The problem is I can't disable it because I always get the same error. I can't currently access my host either, nor any other container set up on my host. The interfaces are WAN -> eno1; eno2 -> br0 -> LAN. I can access all the devices connected to LAN but not anything else on br0 (host, lxd containers). All my devices have internet and everything otherwise works.

Edit: Seems I can access at least Plex, which is on one of the containers, but the container doesn't show up on the network at all.

👍 3
📰 r/PFSENSE
👤 u/19wolf
📅 May 19 2018

HTTP Header "Referer" was misspelled in the 1996 RFC and most implementations to the point it is now considered correct terminology

Excerpt:

>The misspelling of referrer originated in the original proposal by computer scientist Phillip Hallam-Baker to incorporate the field into the HTTP specification. The misspelling was set in stone by the time of its incorporation into the Request for Comments standards document RFC 1945; document co-author Roy Fielding has remarked that neither "referrer" nor the misspelling "referer" were recognized by the standard Unix spell checker of the period. "Referer" has since become a widely used spelling in the industry when discussing HTTP referrers; usage of the misspelling is not universal, though, as the correct spelling "referrer" is used in some web specifications such as the Document Object Model.

Wikipedia article on HTTP Referer

RFC

👍 17
📰 r/ProgrammerHumor
📅 Jun 15 2017

Mispellings in your code base that have become permanent like HTTP's "referer"

Anyone who's done a bit of web programming will have come across the historical oddity of "referer" having just one "r" -- a misspelling that has stuck.

Inspired by that venerable precedent, sometimes when I realize I've been misspelling something in code, and I'm able to get away with it, I just keep on using it, as an amusement.

In one project I've got "todal" for "total." In another "accompanyment" for "accompaniment."

What misspellings in your code have stuck?

👍 14
📰 r/programmerchat
👤 u/Ghopper21
📅 Mar 04 2016

TIL that the HTTP "referer" header is misspelled, and the typo treated as official because it was never corrected on the HTTP RFC. An author of the RFC defended it because "neither 'referrer' nor the misspelling 'referer' were recognized by the standard Unix spell checker of the period". en.wikipedia.org/wiki/HTT…
👍 20
📰 r/todayilearned
📅 Sep 12 2018

Duckduckgo does not work when http referer is disabled

I have a computer that I use once in a while with a browser where referrer is disabled, to my surprise when I used this computer to search with duckduckgo today it found no results whatever I searched but still provided suggestions.

It had been a few months since I had used this computer for a web search and last time everything was ok. After a few tests I found out that the issue came from not having a referrer. Enabling http referrer (which is a big privacy liability) made duckduckgo provide results again.

Why is http referrer needed now? How is that relevant to making a search? With this new anti-feature duckduckgo just stopped being useful to me as I'm not going to enable referrer each time I need to do a web search.

Until this is fixed I'm moving to an alternative. Too bad I really liked this orange duck and it has been a few good years.

👍 9
📰 r/duckduckgo
👤 u/tastytestsabc
📅 Dec 03 2017

TIL Due to an error by one of the creators of the HTTP specification, every web page request made contains the misspelling 'Referer' en.wikipedia.org/wiki/HTT…
👍 56
📰 r/todayilearned
👤 u/BomarFessenden
📅 Aug 04 2016

TIL that in 1996 a computer scientist misspelt 'referrer' as 'referer' when writing up the HTTP specification and the misspelling remains as standard for coding wikipedia.org/wiki/HTTP_r…
👍 8
📰 r/todayilearned
👤 u/cbrezz
📅 Feb 24 2015

TIL The spelling of "referer" in HTTP headers is not an alternative spelling or British spelling-- it was a typo. en.wikipedia.org/wiki/HTT…
👍 180
📰 r/todayilearned
👤 u/good_myth
📅 May 10 2017

How much safety and privacy do I lose if I change network.http.referer.defaultPolicy.pbmode from 2 to 3?

Basically recent changes in Private Mode broke a few websites I visit. A whitelist would be ideal solution but I doubt it is possible.

👍 2
📰 r/firefox
👤 u/IlikeFirefox
📅 Apr 08 2018

Cacti 1.1.13 HTTP Header auth_profile.php Referer Header cross site scripting phpsecure.info/go/156993.…
👍 2
📰 r/phpAdvisories
👤 u/tobozo
📅 Jul 27 2017

Creating an Authorizer Function that authenticates off the Origin and Referer HTTP Header

Is it possible for requests to the API-Gateway to pass the referrer URL to Lambda?

For example, I'd love to let my lambda functions know if a request comes from the domain "good.com" vs. "bad.com".

What is the best way to see the list of data points that I can use to authenticate against in the request header? And how can I properly implement this - I read about authorizers, but not sure if this is the best approach.

👍 2
📰 r/awslambda
👤 u/Mmetr
📅 Oct 21 2020
