santicabanillas,

Welcome to WebmasterWorld!

If no HTTP_REFERER header is provided, then there is no way to block these requests, whether you use php or .htaccess.

Jim

well, thanks

if I use this function on index.php in my site
header("Location: yoursite");

> www.mysite.com (you know the url of redireted)

are you able to get the referer?

Well, it depends on the client (browser). You can test the various possibilities of clicking on links, direct type-ins, and various user-agents (such as media players, if applicable), using a server headers checker [webmasterworld.com].

Request the pages that invoke the redirect, and see what the server sees.

Jim

well
it say

HTTP/1.1 301 Moved Permanently
Date: Wed, 11 Jan 2006 21:40:49 GMT
Server: Apache
Location: http://www.my_site.com/referring_site
Connection: close
Content-Type: text/html; charset=iso-8859-1

Server response time:less than 1 second
http://www.referring_site.com.br/

do you have some idea what can I do?

thanks santi

[edited by: jdMorgan at 12:25 am (utc) on Jan. 12, 2006]
[edit reason] de-linked and obscured URLs [/edit]

I had to edit your post, since we do not allow specific URLs to be posted here.

Was I correct in the way I modified the report? -- Is the referring site name passed to your site as a page name?

If so, then you can easily block this by the requested URL.

Jim

the way you modified the report is correct, yes

Is the referring site name passed to your site as a page name?

no, i know the referring site names

I know that #*$!.com (referring site name)
its redirect to mysite.com/xxx

the way you modified the report is correct, yes

Is the referring site name passed to your site as a page name?

According to what I see in the report, both of these are either true or false.

The redirect appears to be to a page on your site. The page has the name of the site that is redirecting.

If this is the case, then you can simply deny access to that URL.

Maybe I'm reading the report incorrectly. but the redirect is shown above as

Location: http://www.my_site.com/referring_site

which means that the URL requested from your site is "/referring_site"

and therefore you can easily block it.

RewriteRule ^referring_site$ - [F]

Jim

Well
sorry about my english, I know that its not good

I will explain better

this URL

http://www.referring_site.com.br

its redirect to some folder on my site

http://www.my_site.com/some_folder

i did your test and get this

.................................

HTTP/1.1 301 Moved Permanently
Date: Wed, 11 Jan 2006 21:40:49 GMT
Server: Apache
Location:

http://www.my_site.com/some_folder

Connection: close
Content-Type: text/html; charset=iso-8859-1

Server response time:less than 1 second

http://www.referring_site.com.br/

.............................

Im trying to block that redirect

you say that I must to put this line
on .htaccess into my folder attact

RewriteRule ^http://www.referring_site.com.br$ - [F]

I really thank your help

No, the best you can do is the code that is posted in many threads here:

RewriteCond %{HTTP_REFERER} ^http://(www\.)?unwelcome_domain\.com
RewriteRule .* - [F]

That will block all referrals from the unwelcome_domain.com site, as long as the browser sends a referer. It is about 75% effective, because some browsers don't send referrers because their users have opted to not send referrers, or because the user is behind a corporate or ISP cacing proxy that blocks referrers.

Jim

site.A
site.B

on site.B I have an .htaccess with this code

RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://(www\.)?site\.A
RewriteRule .* - [F]

when click from site.A to site.B
using <a href=site.B>site.B</a>
it works well
then I cannot access to site.B from site.A

but,

when redirect site.A to site.B
using on site.A an PHP function
header("location: site.B");
it doesn't work well, then i get access

which is the problem?

thanks again

The problem is simply that the php function does not send a HTTP_Referrer header, so your code has nothing to test. No header can be sent for a directly-typed-in URL either, because there is no referrer in that case. As I stated, many corporate and ISP caching proxies will effectively block referrers, and programs like Norton Internet Security and Mozilla-based browsers can be set to block referrers. Referrer-based access control is never 100% effective - it cannot be, since it relies on a header that is not required to be sent.

No client is required to send a referrer header, and there is nothing you can do about this unless you use an access-control method that is not based on referrers.

I suggest you look into using a script to set a cookie for clients entering 'authorized entry points' on your site. Then require that cookie to be set in order to access your protected content.

Jim