0

I need code written in any language, which is secure and only allows a specific URL to be my page's referrer URL. You can use passwords, cookies and anything you want, but in the end, the page is only viewable when coming from a specific URL. (Edited:) I want the complete code to copy and paste, then I will learn it slowly in the future by modifying and improving your provided code.

  • 2
    You cannot trust anything coming from the client, and this includes the referer, so there is no secure way to know which URL the user came from. See https://stackoverflow.com/questions/3104647/how-to-spoof-http-referer – rypskar Jun 08 '17 at 07:15
  • Do you have access to the referring server? If so, you can write a hash-based key which you could use to check if the user is coming from an allowed server (never mind the IP, any server that has the hash/code for it can allow access). You could base this on the user's IP, login or whatever and a secret hash and run that through a SHA, AES, etc. function and then give that value to the target server as a GET or PUT parameter. That way stealing the hash (man-in-the-middle) would not be so easy. – DocWeird Jun 08 '17 at 07:52
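
A sketch of the signed-link scheme described in the comment above, added here as an example and not code from any poster in this thread. It uses HMAC-SHA256 as the keyed hash; `SHARED_SECRET`, `TOKEN_TTL`, `issue_token()` and `verify_token()` are hypothetical names, and it assumes both servers hold the same secret.

```php
<?php
// Added example. SHARED_SECRET, issue_token() and verify_token() are hypothetical names.
// Assumption: both servers load the same secret from their configuration.
const SHARED_SECRET = 'replace-with-a-long-random-secret'; // placeholder value
const TOKEN_TTL = 60; // seconds a link stays valid (assumed value)

// Referring server: build the value to append to the link as ?token=...
function issue_token(string $clientIp, int $now): string
{
    $expires = $now + TOKEN_TTL;
    $mac = hash_hmac('sha256', $clientIp . '|' . $expires, SHARED_SECRET);
    return $expires . '.' . $mac;
}

// Target server: accept only an unexpired token whose MAC matches this client.
function verify_token(string $token, string $clientIp, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // malformed token
    }
    [$expires, $mac] = $parts;
    if ((int) $expires < $now) {
        return false; // link has expired
    }
    $expected = hash_hmac('sha256', $clientIp . '|' . $expires, SHARED_SECRET);
    return hash_equals($expected, $mac); // constant-time comparison
}

// Constructed sample run (documentation-range IP addresses).
$now = time();
$token = issue_token('203.0.113.7', $now);
var_dump(verify_token($token, '203.0.113.7', $now));        // same client, fresh link
var_dump(verify_token($token, '198.51.100.9', $now));       // different client IP
var_dump(verify_token($token, '203.0.113.7', $now + 3600)); // after expiry
var_dump(verify_token($token . '0', '203.0.113.7', $now));  // tampered MAC
```

On the target page, call `verify_token($_GET['token'] ?? '', $_SERVER['REMOTE_ADDR'], time())` and respond with 403 when it returns false. The token can be reused from the same IP until it expires, so keep the TTL short and serve both sites over HTTPS.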

2 Answers

-1

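Try using HTTP_REFERER, which returns the address of the page which referred the user agent. Example:

<?php
// The Referer header is optional; default to '' so a missing header counts as a mismatch.
if (($_SERVER['HTTP_REFERER'] ?? '') !== "ACCESSABLE_URL_HERE") {
    // do something you want
}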
Syed Aqeel
-1

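In PHP you can use $_SERVER, a PHP superglobal variable which holds information about headers.

<?php
// Debug output: escape header-derived values before echoing them into HTML.
echo htmlspecialchars($_SERVER['SERVER_NAME'] ?? '');
echo "<br>";
echo htmlspecialchars($_SERVER['HTTP_HOST'] ?? '');
echo "<br>";
echo htmlspecialchars($_SERVER['HTTP_REFERER'] ?? '');

// The Referer header is optional, so default to an empty string.
$url = $_SERVER['HTTP_REFERER'] ?? '';
// parse_url() returns false on seriously malformed URLs and may omit 'host'.
$urlParse = parse_url($url);
$host = is_array($urlParse) ? ($urlParse['host'] ?? '') : '';
if ($host !== 'test.com')
{
   die("you have not permission to access");
}
?>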
  • Using referer is not a safe method, which he specifically requested. You can use ModifyHeaders, etc. add-ons for browsers to give any referer you wish. – DocWeird Jun 08 '17 at 07:45