Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Groups
Explore all groups
Community resources

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Sign up for free Log in
Atlassian Community Hero Image Collage

How to hide referrer

Daisuke Niwa
Daisuke Niwa Jan 24, 2013

Hello there,

One of our customers has following requirement.

They have number of external links within Confluence page. This means when a user clicks an external link within Confluence page, a referrer is sent to that external site.

Their security department don't like this, and they would like to know how to hide referrer. They put a proxy server between Confluence and external gateway, but this does not work when a user connects from outside of their company network via VPN.

Please let us know if anyone has a good idea regarding this issue.

Regards,

Daisuke Niwa

Answer
Watch
Like Be the first to like this

1 answer

1 accepted

0 votes
Answer accepted
Matthew Cobby
Matthew Cobby Jan 24, 2013

First, I'm not sure you quite understand how the data is leaked...

The referrrer data is in the HTTP request sent by the end user's browser, so it's from the user's PC to the external site, not from Confluence to the external site. So putting a proxy between Confluence & the outside world won't do that. The proxy MAY work as the user's HTTP request is sent via the proxy, which in turn, strips out the REFERRER field.

if it doesn't work for users on a VPN, then it's probably because their HTTP traffic isn't going via the company's proxy. Instead it's going direct via their local connection. I suspect it's a misconfiguration on the local PC that the security team have missed. My guess would be that the user's browser ISN'T routing traffic via the proxy.

Best solution, fix the user's browser to hardwire it to the company proxy

If that isn't possible, I think, IIRC, you can switch the confluence to SSL and the referrer field isn't sent when linking to another NON-Secure site.

or if you can 100% guarantee that all your users on on HTML5 browsers (iei Chrome), then you could maybe write a jquery statement to inject the "ref=noreferrer" attribute but it's not a good solution.

Get security to route the end user's HTTP traffic via the company proxy when on the company VPN, and switch to SSL

Reply

Suggest an answer

Log in or Sign up to answer
This widget could not be displayed.
This widget could not be displayed.
Community showcase
Andy Makar
Andy Makar
Published in Confluence

6 Awesome Ways to Apply Trello, JIRA and Confluence to your Project

I attended  Atlassian Summit 2019  and learned a lot from the presenters, attendees and knowledgeable Atlassian product managers. The presentations I attended focused on applying Agile, pla...

2,439 views 11 28
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you