How to check the incoming url

Forum Moderators: coopster

Message Too Old, No Replies

How to check the incoming url

wll6568

3:32 am on Oct 17, 2007 (gmt 0)

I have a script say img.php that takes in parameters and then look for the local directory to find images corresponding and then return show the image as binary. eg. img.php?id=1, then accesing this url will show the image.

Now, i want to be able to check who is the referral of this script:

1. If someone directly put http://www.example.com/img.php?id=1 into their browser and tried to access the image, then the checker will know and return error.

2. If someone hotlink the image with http://www.example.com/img.php?id=1, i want to be able to know the referral website and then decide whether to block or not.

Any idea how?

[edited by: eelixduppy at 3:58 am (utc) on Oct. 17, 2007]
[edit reason] switched to example.com [/edit]

eelixduppy

4:32 am on Oct 17, 2007 (gmt 0)

Try the following to see what you get:


echo $_SERVER['HTTP_REFERER'];

This cannot really be trusted, however, so if you are trying to protect content you may want to think of other means to do so.

phranque

6:18 am on Oct 17, 2007 (gmt 0)

you could use something similar to the following in your .htaccess:

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^http(s)?://(www\.)?example.com [NC]
RewriteCond %{HTTP_REFERER}!^http(s)?://(www\.)?othergooddomain1.com [NC]
RewriteCond %{HTTP_REFERER}!^http(s)?://(www\.)?othergooddomain2.com [NC]
RewriteRule \.(jpg¦jpeg¦png¦gif)$ justgoaway.jpg [NC,R,L]

or do similar logic in your php...

(and if it doesn't work, please spare no details!)