HTTP vs HTTPS

[Hai Nguyen]

Hi everyone !!

I have a web application deloped on a web server. I have site A and site B
both have link to this application. I want to check the URL from A and B.
If it's correct with my allowed URL then I will let them advance. There is a
sittuation occurs. Application A use HTTP and application B use HTTPS. I use
Uri RemoteURL = Request.UrlReferrer to check if the URL is really from site
A and site B and then match with my allowed string. Site A can pass the
check point but B.

I was wondering since B use HTTPS therefore it could not go through

I may ask unclear. Help me if you can

Thanks

 

[Chad Z. Hower aka Kudzu]

is really from site A and site B and then match with my allowed string.
Site A can pass the check point but B.

I was wondering since B use HTTPS therefore it could not go through

You mean that A to B works but not B to A?

Then yes - SSL has a lot of restrictions specifically related to security.

 

[Eric Lawrence [MSFT]]

A browser is forbidden to pass a HTTPS URL in the referrer to a non HTTPS
server.

Also note that the referrer header is completely insecure. I can hit your
URL and pass up any referer I want.

--
Thanks,

Eric Lawrence
Program Manager
Assistance and Worldwide Services

This posting is provided "AS IS" with no warranties, and confers no rights.