Check for referrers

Report · Oct 26, 2007

Hi,

Is it possible to check where a visitor is coming from and only allow that visitor to view a page if coming from a specific domain? This domain would be outside my website. Also, I'm using CF 5.

Thanks much!

Report · Oct 27, 2007

CGI.HTTP_REFERER is the variable you are looking for. Note that sometimes it is not present, so you must first do <CFIF IsDefined(CGI.HTTP_REFERER)>.

Report · Oct 27, 2007

> CGI.HTTP_REFERER is the variable you are looking for. Note that sometimes it is not present, so you must first do <CFIF IsDefined(CGI.HTTP_REFERER)>.

That's not going to get you too far: CF always returns "YES" for
isDefined("CGI.anythingYouLikeHere").

You'd want to do:
structKeyExists(CGI, "anythingYouLikeHere")

EG:
structKeyExists(CGI, "http_referer")

But in the case of CGI.http_referer, it ALWAYS exists. It might just be
blank.

--
Adam

Report · Oct 27, 2007

The variable you want is cgi.http_referer, as stated by jdeline. The function you want is contains.

Report · Oct 30, 2007

Thank you all for the responses so far. I've been reading up on http_referer and I'm starting to think it's too unreliable (i.e., often blocked/blank) for my purposes. Is there any other way I can make sure that the users trying to access my website are only coming from a specific page? For example, in the link to my website in the "source" website, I could have a URL variable, which I would check to make sure it existed on my side before allowing the users to access the website. But that seems too flimsy since any user could look at the bottom of the screen when hovering over the link to get the url and url variable. After that, the user would no longer need to go through the first page/site but would simply have to type in the URL with the URL variable. Is there any way to mask the passing of a URL variable? Any other suggestions?

Thanks again

Report · Oct 30, 2007

Set a session variable on the page you want them to visit first and then check to see if it exists on subesequent pages.

Report · Oct 30, 2007

Dan, thanks for the suggestion. I should've mentioned this already but the first website is on a different (non-CF) server and the only thing I will have control over is probably what the link looks like. That's why I was hoping the http_referer would do the trick.

Report · Oct 31, 2007

> control over is probably what the link looks like. That's why I was hoping the
> http_referer would do the trick.

That is the only way exposed by the HTTP protocol to know the referring URL
for the current request.

Each HTTP request is - intentionally a stand-alone transaction, so it's
really only a "courtesy" that you even get that info.

--
Adam

Report · Oct 30, 2007

Dan Bracuk wrote:
> Set a session variable on the page you want them to visit first and then check to see if it exists on subesequent pages.

Accept the OP said that the page was on another domain outside the
website.

Have you checked into you web server of choice. I am familiar with both
Apache and IIS having the capability to restrict access to a web site
based on clients IP address. Not full proof, but then very little with
web applications is entirely fool proof.

Adobe Community

Check for referrers