Web tier: servlets, JSP, Web frameworks: Prevent URL requested directly from browser

  1. Prevent URL requested directly from browser (3 messages)

    Hello,

    What is the best way to prevent a user from requesting a web application's pages (or actions, if Struts based) from the browser manually?

    E.g. the user is using the web application and copies its current URL to the clipboard. Then the user goes e.g. to Google to surf for a while.
    After surfing (s)he pastes the web application's URL back into the browser's address field.
    Best technique in a web application to prevent this?

    Maria

  2. The general solution is to use POST submissions rather than GET.
  3. So, do you mean that if the user, e.g. after surfing in another application, pastes
    the URL of the first application (s)he was using, that request's type is changed to GET? So, should I build my application so that all GET-type requests go to an error page?

    br

    Maria
  4. referer

    hi

    you could try getting the CGI variable HTTP_REFERER (use request.getHeader("Referer")). This should return the URL of the preceding page (where the button/link/etc. was) or blank if the URL was typed in.

    This is not foolproof and there is apparently a bug in the Tomcat Referer header, but it should stop your average user...
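
The Referer check suggested in the last reply, written as a servlet filter that sends pasted or typed URLs back to an entry page. This is an added example, not code from any poster in the thread; the class name `RefererFilter` and the entry page `/index.jsp` are assumptions. The header is supplied by the client, so this steers ordinary navigation and is not an access control.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: requests not arriving from one of this application's own pages go to the entry page. */
public class RefererFilter implements Filter {
    private static final String ENTRY_PAGE = "/index.jsp"; // assumed entry page

    /** True only when the Referer parses as a URL on the same host and port as the request. */
    static boolean isInternal(String referer, String host, int port) {
        if (referer == null || referer.isEmpty()) {
            return false; // typed or pasted URL, bookmark, or header stripped on the way
        }
        try {
            URI uri = new URI(referer);
            int refPort = uri.getPort() != -1 ? uri.getPort()
                    : "https".equalsIgnoreCase(uri.getScheme()) ? 443 : 80;
            // Compare the parsed host, not a string prefix: a prefix test would
            // also accept a look-alike host that merely starts with our name.
            return host.equalsIgnoreCase(uri.getHost()) && refPort == port;
        } catch (URISyntaxException e) {
            return false; // malformed header: treat as external
        }
    }

    @Override
    public void init(FilterConfig config) {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        String path = request.getRequestURI().substring(request.getContextPath().length());
        // The entry page must stay reachable without a Referer, or nobody could start at all.
        if (path.equals(ENTRY_PAGE) || isInternal(request.getHeader("Referer"),
                request.getServerName(), request.getServerPort())) {
            chain.doFilter(req, res);
        } else {
            response.sendRedirect(request.getContextPath() + ENTRY_PAGE);
        }
    }

    @Override
    public void destroy() {}
}
```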