How would I add a referer filter to a PHP affiliate link redirect?

Best effort code example included.

         

JS_Harris

9:59 am on May 14, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I've been using a standard PHP affiliate link redirect without problems; see the code below. What I would like to do is help clean up what passes through that link, eliminate some bot clicks, and protect against search engines redirecting people through it. How would I make it so that my site must be the referrer?

Code as it is now:

<?php
$url='AFFILIATE TARGET PAGE LINK HERE WITH MY ID ATTACHED';
header("Location:$url");
exit();
?>

Ideally I'd like the redirect to fail, perhaps land on a page I specify, if the referrer is any other site or is a bot. How would I modify this? (.htaccess is not an option).

enigma1

11:45 am on May 14, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



When you say eliminate bot clicks, what do you mean? You see, you have the URL published and it's not encoded or anything, so anyone could post it elsewhere and spiders can index it. And you can't set the referrer on the client end during the redirect.

All this is the reason that many companies, in order to protect and verify that user clicks are legitimate, may encode everything with a proprietary format. So instead of:
http://example.com/?affiliate_id=123
you see:
http://example.com/?id=abCdefGHJ...long signature.

That signature can include the IP, referrer, affiliate_id, time stamp etc. encoded in some way so the client end cannot manipulate this info as he doesn't know the format. At the same time both ends (tx/rx servers) can verify things and take the necessary action upon misuse.

JS_Harris

11:29 pm on May 14, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



That works for obfuscation but I'm looking for simple blocking. When I link to the redirect page from the same site I'd like the redirect to work but if the link to the same redirect is on another site I'd like the redirect page to recognize that and instead send the visitor to a different page on my site instead of through to the affiliate.

Like with images, when someone hotlinks an image you can display a different image altogether; the images only resolve on your domain. Can a redirect page recognize the referrer and only redirect if that referrer is your own domain?

enigma1

9:45 am on May 15, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



With images this may work if the leeching server doesn't know about the trick you are doing with the referrer. And they work because there is a page first that contains the references of the images. Once it knows however, the referrer field can be changed because the server itself can do the request and present the image to the client on the other end.

Eg:
$method = 'GET';
$host = "example.com";
$path = '/'; // path of the requested resource (example value)
$fp = fsockopen($host, 80, $errno, $errstr, 10);
$output =
"$method $path HTTP/1.1\r\n" .
"Host: $host\r\n" .
// ...various HTTP headers....
"Referer: http://www.example.com\r\n\r\n"; // the HTTP header name is spelled "Referer"
fwrite($fp, $output);
So the hotlinking protection will now fail, as the referrer will be what you expect, and you would need another filter in place, like the IP.

Now with redirects, say the client browses pages in example.com. Then he clicks a link that performs the redirect to another page, so the server sends these headers:

header("Location: http://example.com/test.html");
exit();

And following the redirect, landing on the test.html page, the referrer will be blank. So no matter what conditions you have for the redirect page, you won't be able to set the client's referrer (at least not in a legit way).

Now you can recognize the destination on the redirect page and do something about it. Eg:

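$url = 'http://example.com/test.html'; // default destination
if( isset($_GET['rurl']) ) {
    $temp_url = (string) $_GET['rurl'];
    $parts = parse_url($temp_url);
    // accept only absolute http(s) URLs on the expected host, without CR/LF
    if( is_array($parts) && isset($parts['scheme'], $parts['host'])
        && in_array(strtolower($parts['scheme']), array('http', 'https'), true)
        && strtolower($parts['host']) === 'example.com'
        && !preg_match('/[\r\n]/', $temp_url) ) {
        $url = $temp_url;
    }
}
header("Location: " . $url);
exit();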

Or, using a jscript or a POST form for the link, you can eliminate all popular spiders from hitting the link. But anyone who examines the HTML source will be able to craft a link and bypass this, which is the reason I mentioned the proprietary encoding earlier on.
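
One way to combine the signed link enigma1 describes with the referrer filter JS_Harris asks for, as an added example that is not code from the thread. It swaps the "proprietary format" for an HMAC-SHA256 over an expiry time and the client IP, keyed with a server-side secret; the file name go.php, the constants and all URLs are assumptions.

```php
<?php
// Added example. go.php, the constants and every URL here are assumed placeholders.
const LINK_SECRET   = 'replace-with-a-long-random-server-side-secret';
const AFFILIATE_URL = 'https://affiliate.example/?affiliate_id=123';
const FALLBACK_URL  = 'https://www.example.com/offers.html';
const OWN_HOST      = 'www.example.com';
const TOKEN_TTL     = 900; // seconds a generated link stays valid

// Used when rendering your own pages: builds the link to the redirect script.
function make_link(string $ip, int $now): string {
    $expires = (string) ($now + TOKEN_TTL);
    $sig = hash_hmac('sha256', $expires . '|' . $ip, LINK_SECRET);
    return '/go.php?e=' . $expires . '&s=' . $sig;
}

// True only for an unexpired token that was issued to this client IP.
function token_ok(array $query, string $ip, int $now): bool {
    $expires = $query['e'] ?? '';
    $sig     = $query['s'] ?? '';
    if (!is_string($expires) || !is_string($sig)
        || !preg_match('/^\d{1,12}$/', $expires) || (int) $expires < $now) {
        return false;
    }
    $expected = hash_hmac('sha256', $expires . '|' . $ip, LINK_SECRET);
    return hash_equals($expected, $sig); // constant-time comparison
}

// Referer is client-supplied and often stripped, so it is a secondary filter:
// a missing header is tolerated, a foreign host is not.
function referer_ok(?string $referer): bool {
    if ($referer === null || $referer === '') {
        return true;
    }
    $host = parse_url($referer, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, OWN_HOST) === 0;
}

// Decision the redirect script makes for one request.
function choose_target(array $query, array $server, int $now): string {
    $ip = (string) ($server['REMOTE_ADDR'] ?? '');
    $ok = token_ok($query, $ip, $now) && referer_ok($server['HTTP_REFERER'] ?? null);
    return $ok ? AFFILIATE_URL : FALLBACK_URL;
}

if (PHP_SAPI !== 'cli') { // body of go.php when served over HTTP
    header('Location: ' . choose_target($_GET, $_SERVER, time()));
    exit();
}
```

A crawler that fetches the page and follows the generated link from the same IP within the lifetime still passes; the token only stops links copied to other sites or replayed later.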