Blocking URL hacking when URL referrer is stripped


I have a block of code that prevents URL hacking to a page by checking the URL referrer:

if (filterContext.RequestContext.HttpContext.Request.UrlReferrer == null)
{
    // redirect somewhere else
}

Ideally, it's to stop someone looking at record details pages by just changing the ID (so, persons/1, persons/2, etc.).

Now this is fine if the referrer hasn't been stripped by the browser, but what if it is? Is there a workaround to this at all?

I'm using C# MVC.

Best answer

There is no workaround to this; it is either there or it is not, BUT the URL referrer is not meant to be a security mechanism. It can be easily forged. If your only concern is URL hijacking, then the lowest-hanging-fruit kind of change you could make is to change your ID field to a uniqueIdentifier (Guid) so users cannot just append incrementing numbers to your URL.
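
An added example, not code from the question or the answer: a stand-alone C# console program that models the referrer check from the question and the integer-versus-Guid lookup the answer suggests. The class and method names, the sample records and the `app.example` URL are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

static class ReferrerVsGuidDemo
{
    // The question's check, reduced to what it reads: was any Referer header sent?
    // The header value comes from the client, so it says nothing about who is asking.
    static bool PassesReferrerCheck(Uri urlReferrer) => urlReferrer != null;

    // Constructed sample data: the same records keyed two ways.
    static readonly Dictionary<int, string> ByInt = new Dictionary<int, string>
    {
        [1] = "Alice", [2] = "Bob", [3] = "Carol"
    };
    static readonly Dictionary<Guid, string> ByGuid = new Dictionary<Guid, string>();

    // Lookup as a persons/{id} action could do it once ids are Guids (hypothetical helper):
    // anything that is not a well-formed, known Guid is "not found".
    static string FindByGuid(string routeValue) =>
        Guid.TryParse(routeValue, out var id) && ByGuid.TryGetValue(id, out var name)
            ? name : null;

    static void Main()
    {
        foreach (var name in ByInt.Values) ByGuid[Guid.NewGuid()] = name;

        // 1. A legitimate click from a browser that strips the header is rejected.
        Console.WriteLine("stripped referrer passes: " + PassesReferrerCheck(null));
        // 2. Any request that carries a Referer value passes, whatever id it asks for.
        var anyReferrer = new Uri("https://app.example/persons"); // constructed URL
        Console.WriteLine("any referrer passes:      " + PassesReferrerCheck(anyReferrer));

        // 3. Integer ids: stepping the number reaches neighbouring records.
        for (int id = 1; id <= 4; id++)
            Console.WriteLine($"persons/{id} -> " +
                (ByInt.TryGetValue(id, out var n) ? n : "not found"));

        // 4. Guid ids: stepped integers no longer resolve; issued links still do.
        Console.WriteLine("persons/2 -> " + (FindByGuid("2") ?? "not found"));
        foreach (var id in ByGuid.Keys)
            Console.WriteLine($"persons/{id} -> {FindByGuid(id.ToString())}");
    }
}
```

A Guid key only stops ids from being reached by counting; anyone who holds a record's URL can still open it, so the lookup itself does not check who is asking.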