1

Im Kinda A Noob With PHP,
I want to keep my page accessible only from a link
etc. I only want to allow people who clicked a link to my page from example.com
and others like from google.com to redirect to another page on my site etc. a error message
How Could I Do This?

MrARM
  • 25
  • 7
  • modern browsers will happily respect a user's DNT (do-not-track) setting, which means that even if they click from google, your server will not be told it was a referral click. You *can* filter that way, but it won't really be reliable. If you want links that only work on your own site, look at adding CSRF to your requests (through cookies, for instance) – Mike 'Pomax' Kamermans Mar 11 '14 at 00:37
  • Then How Can I Do This? – MrARM Mar 11 '14 at 00:38
  • What have you tried? Is there any code that you've attempted that you can post? – dethtron5000 Mar 11 '14 at 00:54

1 Answers1

3
if(isset($_SERVER['HTTP_REFERER']))
    $referer_host = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
else
    $referer_host = '';
if($referer_host != 'example.com')
{
    header('Location: http://example.com/error');
    exit;
}

People not sending (correct) referers for various reasons will be entirely excluded from your page.

Of course bookmarking your site etc. will also not work.

As headers can be faked by the client at will, I would not call this a "security" feature.

wonce
  • 1,893
  • 12
  • 18
  • 1
    Be aware the HTTP_REFERER is not always set and will throw a notice if you try to access it. Might want to use isset() or use a getter function http://kohanaframework.org/3.3/guide-api/Arr#get – Jamie Mar 11 '14 at 00:48