Why is Referer spelled Referer? What does it mean, and what advantage does it have among the many hotlink-protection methods?

Before discussing Referer-based hotlink protection, let's look at the referrer information we often encounter in everyday life.

When we buy a service or sign up for a membership, we are sometimes asked, "Where did you hear about us?"

The Referrer and Referer

The answer to that question is what we call referrer information.

For a company this is very useful: by analyzing it, the business can understand where its customers come from and adjust its promotion channels accordingly.

Most users do not go directly to an unfamiliar site; they find it by searching for keywords. The server wants to know where you found it, that is, who your "referrer" was. HTTP therefore uses the Referer field in the request header to carry the URL of the "referrer."

Referer is an optional request header that identifies the source address (URL), so the server can tell where a request came from. The correct spelling should be "Referrer", but when the standard was written nobody noticed that an 'r' was missing, and later it was too late to change. The misspelling stuck and has been used to this day.

Because the Referer header indicates the source address, it can be used for traffic analysis. For example, marketing and promotion staff can use the Referer field to learn which search engine "referrers" their traffic comes from, and place advertising on the major search engines on that basis.

When a browser requests a resource, it sends different Referer values depending on the scenario, so we can filter and judge requests based on that information. This is Referer-based hotlink protection: set the corresponding rules so that requests whose Referer matches the rules are allowed, and those that do not match are rejected with a 403.

Practical tips for Referer hotlink protection

In Upyun, access permissions can be configured through Referer blacklist and whitelist rules, together with a setting for whether an empty Referer is allowed.

If you only want pages under the specified domain (*upyun.com) to reference your resources and want every other domain to be denied, set a Referer whitelist and do not allow an empty Referer. (When the Referer may not be empty, requests made by entering the resource URL directly in the browser are rejected; the resource must be reached by reference with a Referer header, otherwise access is restricted.) This prevents other domains from hotlinking the resources.

Here we test it with HTTPie [httpie.org/], a command-line HTTP client (the tool supports syntax highlighting,…).

When no Referer value is specified, the Referer is empty, the request does not pass the Referer access control, and a 403 response denies access.

When Referer: www.baidu.com is specified, the value does not match the *upyun.com whitelist, and a 403 response denies access.

When Referer: www.upyun.com is specified, the value matches the *upyun.com whitelist and the resource is accessed successfully.
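The whitelist rule and the three test results above, reproduced as an added example (not Upyun's code, and not part of the original article). The function names, the glob interpretation of `*upyun.com`, and the sample requests are assumptions made for illustration.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed policy mirroring the article's setup; names are hypothetical.
# Glob matching is an assumption. Under it "*upyun.com" matches any host that
# ends in that string, so "upyun.com" plus "*.upyun.com" is the tighter form.
WHITELIST = ["*upyun.com"]
ALLOW_EMPTY_REFERER = False


def referer_host(value):
    """Return the lowercased host named by a Referer value, or None."""
    value = value.strip()
    # The article's tests send a bare host; browsers send a full URL.
    if "://" not in value:
        value = "//" + value
    try:
        host = urlsplit(value).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None


def decide(referer, whitelist=WHITELIST, allow_empty=ALLOW_EMPTY_REFERER):
    """Return the status the edge would answer with: 200 or 403."""
    if referer is None or not referer.strip():
        return 200 if allow_empty else 403
    # Match on the parsed host, not the raw header, so a URL that only
    # mentions a whitelisted name in its path or query does not pass.
    host = referer_host(referer)
    if host and any(fnmatchcase(host, p.lower()) for p in whitelist):
        return 200
    return 403


if __name__ == "__main__":
    # Constructed requests: the article's three tests plus two browser-style URLs.
    for ref in (None, "www.baidu.com", "www.upyun.com",
                "https://www.upyun.com/index.html",
                "https://www.baidu.com/s?wd=upyun.com"):
        print(f"Referer={ref!r:45} -> {decide(ref)}")
```

Because the client chooses the Referer value, as the HTTPie tests show, this check deters casual hotlinking rather than authenticating the requester.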

Referer hotlink protection is one of several access control features that Upyun provides. The set includes IP blacklists and whitelists, regional access restrictions, Referer hotlink protection, User-Agent hotlink protection, Token hotlink protection, and more, which makes it convenient for users to configure access permissions. If you want to know more, you can check out how to choose the right hotlink protection for your website.
