PHP Allow access to specific referrer url/page only


Problem description

So my question is simple: I've used the following method for allowing access to the PHP script via the referrer's domain name, but I want to allow access for only referrers matching the full URL.

<?php
if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != 'domain.com')
{
echo "Executing code here";
} else {
echo('Hot Linking Not Permitted');
// display some message / image / video
exit;
}
?>

So if the referrer URL matches http://www.domain.com/page.html, then allow access; otherwise block it.

Recommended answer

It will not be safe because referrer data can be easily spoofed. However, if it still fits your needs, then you should be fine with your code already, since $_SERVER['HTTP_REFERER'] contains the full referrer URL and not just the domain. Actually, your present code needs some adjustments because it can't work like that:

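<?php
// This is to check if the request is coming from a specific domain
// A missing header is treated as an empty referrer, so the request is rejected
$ref = $_SERVER['HTTP_REFERER'] ?? '';
$refData = parse_url($ref);

// parse_url() returns false on a malformed URL and omits 'host' when there is none
if (!is_array($refData) || ($refData['host'] ?? '') !== 'domain.com') {
  // Output string and stop execution
  die("Hotlinking not permitted");
}

echo "Executing code here";
?>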

Note that if you check if HTTP_REFERER is set before checking if it's what you want, people would get to your script without any referrer set at all, so you should check it in any case. Now, checking for a specific URL is much simpler:

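<?php
// This is to check if the request is coming from a specific URL
// A missing header is treated as an empty referrer, so the request is rejected
$ref = $_SERVER['HTTP_REFERER'] ?? '';

if ($ref !== 'http://domain.com/page.html') {
  // Output string and stop execution
  die("Hotlinking not permitted");
}

echo "Executing code here";
?>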
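
The exact-URL check above, written as a reusable function that copes with a missing header, host case, query strings and the www/non-www difference between the question's URL and the answer's. This is an added example, not part of the original answer; the allowlist, function names and sample referrers are assumptions made for illustration. Because the header is supplied by the client, this remains a hotlink deterrent rather than an access control, as the answer states.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist; the www and non-www forms are distinct strings.
const ALLOWED_REFERERS = [
    'http://domain.com/page.html',
    'http://www.domain.com/page.html',
];

// Reduce a Referer value to scheme://host[:port]/path, or null if unusable.
// Query string and fragment are dropped; scheme and host are lower-cased.
function normalize_referer(?string $referer): ?string
{
    if ($referer === null || $referer === '') {
        return null;                       // header absent: not allowed
    }
    $p = parse_url($referer);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return null;                       // malformed or relative URL
    }
    $port = isset($p['port']) ? ':' . $p['port'] : '';
    return strtolower($p['scheme']) . '://' . strtolower($p['host']) . $port . ($p['path'] ?? '/');
}

function referer_allowed(?string $referer, array $allowed = ALLOWED_REFERERS): bool
{
    $norm = normalize_referer($referer);
    // Whole-string comparison only: no substring or prefix matching.
    return $norm !== null && in_array($norm, $allowed, true);
}

// Constructed sample values, printed when the file is run from the CLI.
if (PHP_SAPI === 'cli') {
    $cases = [
        'http://www.domain.com/page.html'                 => true,
        'http://DOMAIN.com/page.html?utm=1'               => true,  // case and query ignored
        'http://domain.com/other.html'                    => false, // right host, wrong page
        'http://domain.com.example.net/page.html'         => false, // look-alike host
        'http://example.net/?http://domain.com/page.html' => false, // allowed URL only in query
        ''                                                => false, // no Referer sent
    ];
    foreach ($cases as $ref => $expected) {
        $got = referer_allowed($ref);
        printf("%-50s %-5s (expected %s)\n", $ref === '' ? '(none)' : $ref,
            $got ? 'allow' : 'deny', $expected ? 'allow' : 'deny');
    }
}
```

In the script itself the call would be `referer_allowed($_SERVER['HTTP_REFERER'] ?? null)`, followed by the same `die()` as in the answer when it returns false.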
