How do I prevent direct access to a page?

When a user types the URL in the address box, the page property Referer is blank.
Whenever you click on a link or submit a form, the referer has the full URL.

Based on this what you need to do is look for a property/function in PHP (I don't program PHP otherwise I'd give you the code) that grabs the referer value.

Then, with a string function like find(), check if it exists in the string. If it does, go show the page; if it doesn't, redirect to the intro page or to an error page stating that people cannot direct link and they have to access the application from some other link within your website.



grtfercho çB^]\..
"Imagination is more important than Knowledge" A. Einstein
 
If you are going to do this, be aware that quite a lot of users' browsers don't pass the referrer on.

Certain security software prevents this from being passed, and also there is talk of certain browsers dropping support for referrer in the future.

Why not just check if a query string exists, and if it does then show an error?

Hope this helps

Wullie


The pessimist complains about the wind. The optimist expects it to change.
The leader adjusts the sails. - John Maxwell
 
Wullie, I think the solution you gave is good. However, on the wider point, I do not think that server-side referrer capturing has anything to do with the browser. Please enlighten me if I have got this wrong. I think the browser would only come into play if you were using a client-side (JavaScript) approach to finding the referrer.

Clive
 
Clive,

No matter what language you use, the referer is passed by the browser, that is why you can fake the referrer and block it totally.

The server doesn't link one page visit with another unless you code specifically for this. One way is to use sessions and code it so that each page stores the url, then pass that to the next page and so on.

Hope this helps

Wullie


The pessimist complains about the wind. The optimist expects it to change.
The leader adjusts the sails. - John Maxwell
 
Hi mate,

I believe that Opera hides this as default, and also Norton Personal Firewall and some others block it.

This is just one of the newer techniques used by spammers. They send a robot out and it shows the referrer as a page on the spammer's site.

When the innocent webmaster looks through his logs, he sees this page that referred hits to him and goes to the page to see where his link is.

There is and was never a link to his site, but he has just been to this page and the spammer is getting visitors.

Hope this helps

Wullie


The pessimist complains about the wind. The optimist expects it to change.
The leader adjusts the sails. - John Maxwell
 
You can also very easily write an ASP page (certainly the same with HTML, etc.) that uses any one of several objects (including XMLHTTP) to effectively "fake" being a browser, and you could set the referrer to anything you want. It's so easy that any reasonably-decent programmer could write it in 15 minutes.

Referer is interesting info and often useful, but it's also extremely easy to fake.
 
Wullie,

In thread215-582932 you say:

"If you wanted to stop deep linking, the only effective way to do this would be to add a server-side referrer check and if it wasn't your site, then redirect to the page you want them to start at."

and yet in this thread you seem to be saying that:

"It's a client header, it's like any data sent from the browser, you can't trust that it is correct."

In a project that I am currently working on server-side referrer is a crucial component. I would appreciate it if you (or anyone else) could clarify.

Many thanks.

Clive
 
Hi mate,

It is a client-side header, and it's up to you whether or not to trust it.

I would personally advise you never to use this for a crucial part of your site though.

My post in the other thread was not meant to be taken as you have, "effective" was a bad choice of word. If I had taken the time to go into further details, the only way I would advise you to do this would be when a user arrives on the page, set a session variable that contains the current page. Instead of checking the referrer, check that session variable.

If this variable is blank, you have an arrival from an external link which then you can check the referrer if you want.

Hope this helps

Wullie


The pessimist complains about the wind. The optimist expects it to change.
The leader adjusts the sails. - John Maxwell
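
Added example, not part of the thread or any poster's code: a PHP sketch of the session-variable check described in the post above, placed beside the Referer check from the first reply so the two can be compared on the cases the thread raises (blank Referer, stripped Referer, faked Referer). `ENTRY_PAGE`, `OWN_HOST`, the `last_page` session key and the file name `gate.php` are assumed names for illustration.

```php
<?php
// Added example (not from the thread). ENTRY_PAGE, OWN_HOST and the
// 'last_page' session key are assumed names for illustration.
const ENTRY_PAGE = '/index.php';
const OWN_HOST   = 'www.example.com';

// Call on every page once it is served: server-side record of the visit.
function remember_page(array &$session, string $path): void
{
    $session['last_page'] = $path;
}

// Referer check: the value is a request header, so it is whatever the client sent.
function referer_gate(array $server): bool
{
    $host = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, OWN_HOST) === 0;
}

// Session check: the value lives on the server; the client only holds the session ID.
function session_gate(array $session): bool
{
    return !empty($session['last_page']);
}

if (PHP_SAPI !== 'cli') {
    // Use on a protected page behind a web server.
    session_start();
    if (!session_gate($_SESSION)) {
        header('Location: ' . ENTRY_PAGE, true, 302);
        exit;
    }
    remember_page($_SESSION, $_SERVER['SCRIPT_NAME']);
} else {
    // Constructed requests, run with `php gate.php`, to compare the two checks.
    $visited = [];
    remember_page($visited, ENTRY_PAGE);
    $cases = [
        'URL typed directly'               => [[], []],
        'came via index, Referer stripped' => [[], $visited],
        'no visit, Referer header faked'   => [['HTTP_REFERER' => 'http://' . OWN_HOST . ENTRY_PAGE], []],
    ];
    foreach ($cases as $label => [$server, $session]) {
        printf("%-34s referer=%-5s session=%s\n", $label,
            var_export(referer_gate($server), true),
            var_export(session_gate($session), true));
    }
}
```

The entry page itself calls only `session_start()` and `remember_page()`, without the gate. In the constructed cases the Referer check turns away the visitor whose software strips the header and admits the request with the faked header, while the session check decides both from state the server recorded.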
 
Thanks for the clarification Wullie. I am really not interested in what robots might do but I am interested in your assertion that Opera "does not pass referrer information by default." In the sites that I have I have not had an Opera visitor so I am unable to check your assertion. Are you sure that this is the default behavior?

Clive
 