Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 4 of 4
  1. #1
    New to the CF scene
    Join Date
    Oct 2009
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Referrer checker question

    I have used this script successfully:

    http://www.javascriptkit.com/script/...2/refer2.shtml

    However, is there a way to block the following work-around (example only):

    http://www.their-url.com/redir.php?u...ww.my-url.com/

    The redir.php makes it possible to get past the script.

  • #2
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    26,232
    Thanks
    80
    Thanked 4,456 Times in 4,421 Posts
    No.

    And indeed you can't even guarantee that a *normal* client will give you a valid HTTP_REFERER value. Some people sit behind proxies or firewalls that are so paranoid that they won't send the referer value. You have to treat referer as a "friendly thing to have when it works" but you should *never* rely upon it.

    And don't forget search engines: They don't provide referer info, but you surely don't want to cut them off.

  • #3
    New to the CF scene
    Join Date
    Oct 2009
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    No, I'm just trying to block or at least make it difficult for harassing websites to link directly to my blog.

  • #4
    Supreme Master coder! Old Pedant's Avatar
    Join Date
    Feb 2009
    Posts
    26,232
    Thanks
    80
    Thanked 4,456 Times in 4,421 Posts
    So go ahead and check the referrer.

    But I would say that, if the referrer is blank, you should allow the access. Just as a for-instance, it will be blank if the user clicked on an entry in his/her "favorites".

    Now, that does mean that it's trivial for hackers to give you a blank referrer, but for the reasons I already noted there's not much you can do about that, anyway.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •