Hello All,
I have a question regarding 'getenv("HTTP_REFERER")'
I currently have an image serving script that does a check on the http referer, and if the host name does not match any in the list I specify, the images will not be shown.
Now I have that script email me anytime the http referer does not match my list. I probably get 3-5 users per day that do not have valid referers (most are things like cached links from search engines).
I know the first thing somebody is going to say is "HTTP_REFERER is not reliable, as sometimes browsers do not handle it correctly."
This is true, but I was thinking of a possible solution, and I wanted to get some feedback on it.
I was thinking of checking HTTP_REFERER on my pages, and if it does not match my approved list, then I redirect them to a page that explains a little about how the image serving script requires that the referer be set to my list. Then I provide a link to my main page, making sure that HTTP_REFERER gets re-set (since they will be clicking on the link, chances are greater that the referer will be set correctly.)
Any comments on this?
Thanks!
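
The check described in this post, as an added example that is not part of the original post: it separates a missing referer from one that names a host outside the list, so the two cases can be handled differently (for instance, sending only the missing case to the explanation page). The host names and the function `classify_referer` are hypothetical; the header is supplied by the client, so the result is a hotlinking deterrent rather than access control.

```php
<?php
// Added example. Hypothetical allow-list; replace with your own host names.
const ALLOWED_HOSTS = ['www.example.com', 'example.com'];

/**
 * Classify a Referer value as 'allowed', 'missing' or 'foreign'.
 * The host is extracted with parse_url() and compared exactly, so a URL that
 * merely contains an approved name in its path, query or as a prefix of a
 * longer host name does not pass.
 */
function classify_referer(?string $referer, array $allowedHosts): string
{
    if ($referer === null || trim($referer) === '') {
        return 'missing';            // header absent or stripped by the client
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return 'foreign';            // not a parseable absolute URL
    }
    return in_array(strtolower($host), $allowedHosts, true) ? 'allowed' : 'foreign';
}

// In the real script the value would come from the request:
//   $raw = getenv('HTTP_REFERER');                 // false when the header is not set
//   $verdict = classify_referer($raw === false ? null : $raw, ALLOWED_HOSTS);

// Constructed sample values, not taken from real traffic.
$samples = [
    'http://www.example.com/gallery.php',                        // own page
    '',                                                          // no referer sent
    'http://search.example.net/cache?u=http://www.example.com/', // cached copy elsewhere
    'http://www.example.com.other.test/page',                    // approved name as prefix only
    'HTTP://WWW.EXAMPLE.COM/index.php',                          // case differences
];

foreach ($samples as $s) {
    printf("%-62s %s\n", $s === '' ? '(empty)' : $s, classify_referer($s, ALLOWED_HOSTS));
}
```

Run from the command line, the five samples classify as allowed, missing, foreign, foreign and allowed, in that order.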