Limit access to website based on referrer

Posted on: August 29, 2012

We use suphp on this server and here was the solution. In the user’s public_html file we created a .htaccess with the following:


SetEnv PHPRC /home/$user/public_html/php.ini

Then a php.ini file with:
auto_prepend_file = /home/$user/public_html/checkrefer.php

checkrefer.php


<?php
session_start();
echo $_SESSION['allowme'];

//First we check to see if a valid session exists
if ($_SESSION[‘allowme’]==1){
//keep going and allow access
}
else {
$domain=$_SERVER[“HTTP_REFERER”];
$domainref = parse_url($domain, PHP_URL_HOST);
//check to see what the referrer is
if ($domainref==”$validreferdomain”){
//start session and allow access
$_SESSION[‘allowme’] = 1; // store session data
}

//block access bad referrer and no session
else{
print “Access Forbidden. Please visit this page for further information.”;
exit;
}

}
?>

On this script you have to set $validreferdomain = to the referrer you want the visitor to come from.

Limitation – this only effects php pages and not images or other file types. You can get it to lock down html pages by setting the site to parse html as php.

Server Sitters is an Outsourced Hosting Support provider. We provide outsourced hosting support and specialize in hosting support for web hosting companies that require Helpdesk Support, Telephone Support Services or want to Outsource Chat Support.