This content has been marked as final. Show 8 replies
CGI.HTTP_REFERER is the variable you are looking for. Note that sometimes it is not present, so you must first do <CFIF IsDefined(CGI.HTTP_REFERER)>.
> CGI.HTTP_REFERER is the variable you are looking for. Note that sometimes it is not present, so you must first do <CFIF IsDefined(CGI.HTTP_REFERER)>.
That's not going to get you too far: CF always returns "YES" for
You'd want to do:
But in the case of CGI.http_referer, it ALWAYS exists. It might just be
The variable you want is cgi.http_referer, as stated by jdeline. The function you want is contains.
Thank you all for the responses so far. I've been reading up on http_referer and I'm starting to think it's too unreliable (i.e., often blocked/blank) for my purposes. Is there any other way I can make sure that the users trying to access my website are only coming from a specific page? For example, in the link to my website in the "source" website, I could have a URL variable, which I would check to make sure it existed on my side before allowing the users to access the website. But that seems too flimsy since any user could look at the bottom of the screen when hovering over the link to get the url and url variable. After that, the user would no longer need to go through the first page/site but would simply have to type in the URL with the URL variable. Is there any way to mask the passing of a URL variable? Any other suggestions?
Set a session variable on the page you want them to visit first and then check to see if it exists on subesequent pages.
Dan Bracuk wrote:
> Set a session variable on the page you want them to visit first and then check to see if it exists on subesequent pages.
Accept the OP said that the page was on another domain outside the
Have you checked into you web server of choice. I am familiar with both
Apache and IIS having the capability to restrict access to a web site
based on clients IP address. Not full proof, but then very little with
web applications is entirely fool proof.
Dan, thanks for the suggestion. I should've mentioned this already but the first website is on a different (non-CF) server and the only thing I will have control over is probably what the link looks like. That's why I was hoping the http_referer would do the trick.
> control over is probably what the link looks like. That's why I was hoping the
> http_referer would do the trick.
That is the only way exposed by the HTTP protocol to know the referring URL
for the current request.
Each HTTP request is - intentionally a stand-alone transaction, so it's
really only a "courtesy" that you even get that info.