Checking the referrer in PHP
Is it possible to check who is entering your website in PHP? I have a web application (written in PHP) that should only allow users entering from some particular websites. Is it possible to get the referral websites by examining the _Request object? If yes, how?
Yes, but keep in mind some proxies and other things strip this information out, and it can be easily forged. So never rely on it. For example, don't think your web app is secure from CSRF because you check the referrer to match your own server.
// The Referer header is optional, so fall back to an empty string when it is absent.
$referringSite = $_SERVER['HTTP_REFERER'] ?? ''; // is that spelt wrong in PHP?
If you want to only allow requests from a specific domain you'll need to parse some of the URL to get the top level domain. As I've learned more, this can be done with PHP's parse_url().
As andyk points out in the comments, you will also have to allow for www.example.com and example.com.
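The host check described in the answer above, as an added example that is not part of the original answer: it parses the header with parse_url() and compares the full host against an allow-list containing both example.com and www.example.com. The function name, constant name and sample values are hypothetical, and because the header can be stripped or forged, the result is a convenience filter rather than an access control.

```php
<?php
// Added example with hypothetical names; not code from the original answer.
const ALLOWED_REFERRER_HOSTS = ['example.com', 'www.example.com']; // assumed partner sites

/**
 * Returns true only when the Referer value parses to an http(s) URL whose
 * host is exactly one of the allowed hosts.
 */
function isAllowedReferrer(?string $referer, array $allowedHosts): bool
{
    if ($referer === null || $referer === '') {
        return false; // header absent: stripped by a proxy, browser setting, or direct visit
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // malformed or relative value
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Compare the whole host, case-insensitively. A substring or prefix test
    // would also accept a host such as example.com.other.test.
    $host = rtrim(strtolower($parts['host']), '.');
    return in_array($host, $allowedHosts, true);
}

// Constructed sample values, not real traffic.
$samples = [
    'https://www.example.com/page?id=1',    // allow
    'http://EXAMPLE.com/',                  // allow: host match ignores case
    'https://example.com.other.test/',      // deny: different host
    'https://other.test/?next=example.com', // deny: name appears only in the query string
    '',                                     // deny: no header sent
];
foreach ($samples as $s) {
    $label = $s === '' ? '(no Referer)' : $s;
    $verdict = isAllowedReferrer($s, ALLOWED_REFERRER_HOSTS) ? 'allow' : 'deny';
    printf("%-40s %s\n", $label, $verdict);
}

// In a request handler:
// $ok = isAllowedReferrer($_SERVER['HTTP_REFERER'] ?? null, ALLOWED_REFERRER_HOSTS);
```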