Inspect the referrer in PHP

php referrer
Graviton picture Graviton · Jan 9, 2009 · Viewed 25.2k times · Source

Is it possible to check who is entering your website in PHP. I have a web application ( written in PHP) that should only allow users entering from some particular websites. Is it possible to get the referral websites by examining the _Request object? If yes, how?

Answer

alex picture alex · Jan 9, 2009

Yes, but keep in mind some proxies and other things strip this information out, and it can be easily forged. So never rely on it. For example, don't think your web app is secure from CSRF because you check the referrer to match your own server.

$referringSite = $_SERVER['HTTP_REFERER']; // is that spelt wrong in PHP ?

If you want to only allow requests from a specific domain you'll need to parse some of the URL to get the top level domain. As I've learned more, this can be done with PHP's parse_url().

As andyk points out in the comments, you will also have to allow for www.example.com and example.com.

Related questions

How to get the previous url using PHP

Suppose my site's url is given as hyperlink on some page on the internet; that page could be anything on internet - blog, orkut, yahoo, even stackoverflow etc, and someone clicks on it,and visited my site. So can we …

Read More
PHP HTTP Referrer

I have a page which accepts POSTs from a remote site. I would like to detect the domain that these POSTs are coming from. I realize that it can be spoofed but it is better than nothing. I have tried …

Read More
Get HTTP Referrer on Redirection

How can you get the HTTP Referrer when redirected from another website, not when they click on a link since it would work for $_SERVER['HTTP_REFERER'], but it doesn't work when a user has been redirected a website and …

Read More