HTTP Referer is part of the header, and when the browser sends a request to the Web server, it usually takes referer to tell the server which page link I took from, and the server can get some information for processing.
if (request.servervariables["http_referer"null | |! request.servervariables["http_referer"]. ToString (). Contains (request.servervariables["http_host"). ToString ())) {Server.Transfer ("error.aspx");}
The following conditions are obtained request.servervariables ("Http_referer") from the browser's address bar normally:
1) directly with <a href= "" >
2) Submit a form (post or get) with submit or <input type= "image" >
3) Forms submitted using JavaScript (post or get)
Let's look at the case where Request.ServerVariables ("Http_referer") is not properly valued:
1) from the Favorites link
2. Click Home or Custom Address
3) Direct input to the address in the browser
4) using JavaScript location.href or Location.replace ()
5) <%Response.Redirect%>
6) <%Response.AddHeader%> or <mete http-equiv= "Refresh" > Turn
7) load address with XML
Obviously, Request.ServerVariables ("Http_referer") is not working properly in most cases, let's look at an example:
Ref.asp
<%
Response.Write "came from:" & Request.ServerVariables ("Http_referer")
%>
Ref.htm
<%
Response.AddHeader "Refresh", "10; Url=ref.asp "
%>
<meta http-equiv= ' Refresh ' content= ' 10; Url=ref.asp ' >
<form Method=get action=ref.asp name=getform>
<input type=submit value= ' Go there (GET) >> ' >
<input type=image style= ' Cursor:hand ' >
</form><p>
Look at the result of what the above code will get.
<form method=post action=ref.asp name=postform>
<input type=submit value= ' Go there (POST) >> ' >
<input type=image style= ' Cursor:hand ' >
</form><p>
<a href= ' ref.asp ' > Direct links </a><p>
<a href= ' # ' onclick= ' window.location.href= "ref.asp"; return false; ' >javascript location</a><p>
<a href= ' # ' onclick= ' Window.location.replace ("ref.asp"); return false; ' >javascript replace</a><p>
<a href= ' # ' onclick= ' Document.getform.submit (); return false; ' >javascript get</a><p>
<a href= ' # ' onclick= ' Document.postform.submit (); return false; ' >javascript post</a>
How Request.ServerVariables (Http_referer) works
HTTP Referer Anti-outer chain