Menu
Is it possible to check who is entering your website in PHP. I have a web application ( written in PHP) that should only allow users entering from some particular websites. Is it possible to get the referral websites by examining the _Request object? If yes, how?
250
To check the Referer in action go to Inspect Element -> Network check the request header for Referer like below. Referer header is highlighted. Supported Browsers: The browsers are compatible with HTTP header Referer are listed below: Google Chrome.
Yes, but keep in mind some proxies and other things strip this information out, and it can be easily forged. So never rely on it. For example, don't think your web app is secure from CSRF because you check the referrer to match your own server.
$referringSite = $_SERVER['HTTP_REFERER']; // is that spelt wrong in PHP ?
If you want to only allow requests from a specific domain you'll need to parse some of the URL to get the top level domain. As I've learned more, this can be done with PHP's parse_url().
As andyk points out in the comments, you will also have to allow for www.example.com and example.com.
99
While you can look at $_SERVER['HTTP_REFERER'] to get the referring site, don't bet the farm on it. The browser sets this header and it's easily spoofed.
If it's critical that only people coming from specific referrers view your site, don't use this method. You'll have to find another way, like basic auth, to protect your content. I'm not saying that you shouldn't use this technique, just keep in mind that it's not fool-proof.
BTW, you can also block referrers at the apache level using mod_rewrite.
35
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
