CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX
Search Posts SEARCH
POSTS
Who's Online WHO'S
ONLINE
Log in LOG
IN

Home: Perl Programming Help: Beginner:
allow only 3 URLS to execute my .cgi

 



moisesbr
Novice

Dec 28, 2010, 1:46 PM

Post #1 of 2 (536 views)
allow only 3 URLS to execute my .cgi Can't Post

Hi

I want to allow only 3 URLS to execute my .cgi for security reasons

Trying the code below

######################################################
$ValidURL = 0;

if ($referer =~ /^http:\/\/www.acrisoft.com/) {
$ValidURL = 1;
}

if ($referer =~ /^http:\/\/www.mundomaq.com/) {
$ValidURL = 1;
}



if ($referer =~ /www.mundomec.com/) {
$ValidURL = 1;
}
##########################################################


The problem is that it always returns 1, regardless of $referer contains or not the piece
of the URL.

Please let me know how to rearrange my code, or a better way apply this filter to allow only my 3 websites.

Moises


(This post was edited by moisesbr on Dec 28, 2010, 1:48 PM)


Zhris
Enthusiast

Dec 29, 2010, 2:14 PM

Post #2 of 2 (524 views)
Re: [moisesbr] allow only 3 URLS to execute my .cgi [In reply to] Can't Post

Hello,

- Obviously you posted just a snippet of your entire code, and from first glance, it looks as if it should work with no problems. I think your issue lies in another closely related area of your code that you haven't shown us.
- Your regular expressions contains .'s (periods) that you haven't escaped. .'s have a special meaning in a regular expression (meaning any single character). Escape .'s like "\." or use quotemetas to revert to their literal meaning.
- You have created a condition for each referer, producing lots of repeated code. Its ok with just three referers, but what if you had a million. It would be best to store every valid referer in an array, which can be looped through later. You could also make use of the grep function to help filter out invalid referers but probably isn't neccessary. Also, when you do use multiple conditions, you should make use of "elsif" and "else".
- Instead of a "flag variable", use a subroutine, which can return true or false when appropriate, and can be called at any time in your script.

Here is how I would perform your task:


Code
#! /usr/bin/perl 
use strict;
use warnings;

unless (ValidateReferer ('http://www.acrisoft.com/dir/whatever.htm', ['http://www.acrisoft.com', 'http://www.mendomaq.com', 'http://www.mundomec.com'])) {
die "Invalid referer\n";
}

sub ValidateReferer {
my $referer = shift;
my $validreferers = shift;

foreach my $validreferer (@{$validreferers}) {
return 1 if ($referer =~ m/^\Q$validreferer\E/i);
}

return 0;
}


Chris


(This post was edited by Zhris on Dec 30, 2010, 10:24 AM)

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives