Referrer checker question

thelaughingman · 10-12-2009, 02:42 PM

I have used this script successfully:

http://www.javascriptkit.com/script/...2/refer2.shtml

However, is there a way to block the following work-around (example only):

http://www.their-url.com/redir.php?u...ww.my-url.com/

The redir.php makes it possible to get past the script.

Old Pedant · 10-12-2009, 10:33 PM

No.

And indeed you can't even guarantee that a *normal* client will give you a valid HTTP_REFERER value. Some people sit behind proxies or firewalls that are so paranoid that they won't send the referer value. You have to treat referer as a "friendly thing to have when it works" but you should *never* rely upon it.

And don't forget search engines: They don't provide referer info, but you surely don't want to cut them off.

thelaughingman · 10-15-2009, 05:47 AM

No, I'm just trying to block or at least make it difficult for harassing websites to link directly to my blog.

Old Pedant · 10-15-2009, 08:03 PM

So go ahead and check the referrer.

But I would say that, if the referrer is blank, you should allow the access. Just as a for-instance, it will be blank if the user clicked on an entry in his/her "favorites".

Now, that does mean that it's trivial for hackers to give you a blank referrer, but for the reasons I already noted there's not much you can do about that, anyway.