Print Page | Close Window

Protecting webpage from remote submitting Printed From: Web Wiz Forums Category: General Discussion Forum Name: Classic ASP Discussion Forum Description: Discussion on Active Server Pages (Classic ASP). URL: https://forums.webwiz.net/forum_posts.asp?TID=18968 Printed Date: 29 March 2026 at 7:40pm Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com Topic: Protecting webpage from remote submitting Posted By: PrivateEye Subject: Protecting webpage from remote submitting Date Posted: 26 March 2006 at 9:44pm I want to know what is quality approach to stop remote submitting a page. For example I have an ASP page submit_form.asp that use HTML FORM element and this form is submitted to process_form.asp page. What is best way to stop users from sending requests to process_form.asp page from remote servers. ------------- The Judgement Day Replies: Posted By: michael Date Posted: 27 March 2006 at 4:06pm Use a Captcha plugin, like one you can download here... ------------- http://baumannphoto.com" rel="nofollow - Blog | http://mpgtracker.com" rel="nofollow - MPG Tracker Posted By: wistex Date Posted: 20 April 2006 at 4:32am You could check the referrer, I suppose.  If they submitted the form from your website, wouldn't your website be the referrer?  If the referrer is not what you are expecting, then throw an error message and not process the request. ------------- http://www.wistex.com" rel="nofollow - WisTex Solutions http://www.caribbeanchoice.com/forums" rel="nofollow - CaribbeanChoice Forums Posted By: dpyers Date Posted: 20 April 2006 at 4:52am You can also check for x number of submissions within y number of minutes. You could do the check by IP but it's pretty easy to spoof an ip or referrer. CAPTCHA is probably the best way. ------------- Lead me not into temptation... I know the short cut, follow me. Posted By: wistex Date Posted: 20 April 2006 at 5:09am It might be interesting to take a look at how Borg does it.  He has several scripts that should not be called directly, such as the one that adds votes to a poll.  I know that if you try to access it directly in the browser (i.e. its not called by pressing the submit button on the poll's form), it will not count your vote and redirect you to the forum's default page.  It only works if its called by the poll's form.  (I tested to make sure people couldn't cheat in the Battle of the Islands competition we have.)  I've never disected the file, but I'm sure Borg did a good job at preventing direct submissions, all without using CAPTCHA for voting in the poll. ------------- http://www.wistex.com" rel="nofollow - WisTex Solutions http://www.caribbeanchoice.com/forums" rel="nofollow - CaribbeanChoice Forums

Print Page | Close Window Forum Software by Web Wiz Forums® version 12.08 - https://www.webwizforums.com Copyright ©2001-2026 Web Wiz Ltd. - https://www.webwiz.net