I posted this question on the Javascript forum too since I'm not sure what will work, but I have a cgi script (message board) that is called from my command line as index.cgi This board is located within a password protected area, but this script isnt protected since its a link on the page which is protected with a bunch of other links. What I am trying to do is prevent someone from just typing in http://www.domain.com/cgi-bin/index.cgi or bookmarking the script and gaining access to the board without going through the login of the site. The script uses index.cgi to call it and loads in an index.html page which is the shell to make it look like the rest of the site, so I'm not sure if I can just add in a javascript to the html page or I need to edit the script itself, but I'm not sure how to do either. :( Unfortunately I believe the person/company who wrote the script is no longer around, so I cant ask them and I cant use a different script. Can anyone here help me? This is for a client who is upset that people are able to bookmark the page without logging in first so I need to do something. Thanks!

A low security workaround is to check the "referer" variable in the script.

So, at the beginning of the script somewhere, do a check like:

if($ENV{"HTTP_REFERER"} ne "X") {
print "Error: You must first login<br>";
exit;
}

To figure out "X", it should be the URL of your login page. If you aren't sure, just add a "print $ENV{"HTTP_REFERER"}" in teh code and see what it prints after you log in.


As I said, this is low tech, and can be defeated, but should stop the bleeding anyway.

Hope this helps.

-Jim