检查PHP中的引荐来源网址 [英] Inspect the referrer in PHP

问题描述

是否可以检查谁正在使用PHP输入您的网站.我有一个Web应用程序(用PHP编写)，该应用程序只应允许用户从某些特定网站进入.是否可以通过检查_Request对象来获得推荐网站?如果是，怎么办?

Is it possible to check who is entering your website in PHP. I have a web application ( written in PHP) that should only allow users entering from some particular websites. Is it possible to get the referral websites by examining the _Request object? If yes, how?

推荐答案

是的，但是请记住，有些代理和其他东西会将这些信息剔除掉，并且很容易伪造.因此，永远不要依赖它.例如，不要以为您的Web应用程序不受 CSRF 的保护，因为您选中了引荐来源网址以匹配您自己的服务器.

Yes, but keep in mind some proxies and other things strip this information out, and it can be easily forged. So never rely on it. For example, don't think your web app is secure from CSRF because you check the referrer to match your own server.

$referringSite = $_SERVER['HTTP_REFERER']; // is that spelt wrong in PHP ?

如果只允许来自特定域的请求，则需要解析一些URL以获得顶级域.据我所知，这可以通过PHP的 parse_url()完成.

If you want to only allow requests from a specific domain you'll need to parse some of the URL to get the top level domain. As I've learned more, this can be done with PHP's parse_url().

andyk 在评论中指出，您还必须允许使用www.example.com和示例. com.

As andyk points out in the comments, you will also have to allow for www.example.com and example.com.

这篇关于检查PHP中的引荐来源网址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！