Php get referer url

PHP: How to get referrer URL?

I have a page ( index.php ) where customers can send me emails. Now I want to see from what website that visitor is coming from. How can I get the Referrer URL with PHP? I tried with $_SERVER[‘HTTP_REFERER’] but it’s empty all the time. What variable do I need to consider? Here is what my $_SERVER contains; I put some —- CENSORED —- for privacy concerns, there are actually real values.

array(31) < ["DOCUMENT_ROOT"]=>string(33) "/home/anything/public_html/design" ["GATEWAY_INTERFACE"]=> string(7) "CGI/1.1" ["HTTP_ACCEPT"]=> string(129) "text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/webp, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1" ["HTTP_ACCEPT_ENCODING"]=> string(13) "gzip, deflate" ["HTTP_ACCEPT_LANGUAGE"]=> string(14) "en-US,en;q=0.9" ["HTTP_CACHE_CONTROL"]=> string(8) "no-cache" ["HTTP_CONNECTION"]=> string(10) "Keep-Alive" ["HTTP_COOKIE"]=> string(189) "__utma=76630272.1468291432.1367655794.1367669576.1367674157.3; __utmb=76630272.1.10.1367674157; __utmc=76630272; __utmz=76630272.1367655794.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)" ["HTTP_HOST"]=> string(25) " ---- CENSORED ---- " ["HTTP_USER_AGENT"]=> string(57) "Opera/9.80 (Windows NT 6.1) Presto/2.12.388 Version/12.15" ["PATH"]=> string(13) "/bin:/usr/bin" ["QUERY_STRING"]=> string(0) "" ["REDIRECT_STATUS"]=> string(3) "200" ["REMOTE_ADDR"]=> string(10) "5.15.68.79" ["REMOTE_PORT"]=> string(5) "57897" ["REQUEST_METHOD"]=> string(3) "GET" ["REQUEST_URI"]=> string(12) "/referer.php" ["SCRIPT_FILENAME"]=> string(45) "/home/anything/public_html/design/referer.php" ["SCRIPT_NAME"]=> string(12) "/referer.php" ["SERVER_ADDR"]=> string(13) " ---- CENSORED ---- " ["SERVER_ADMIN"]=> string(35) " ---- CENSORED ---- " ["SERVER_NAME"]=> string(25) " ---- CENSORED ---- " ["SERVER_PORT"]=> string(2) "80" ["SERVER_PROTOCOL"]=> string(8) "HTTP/1.1" ["SERVER_SIGNATURE"]=> string(189) " Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Server at ---- CENSORED ---- Port 80 " ["SERVER_SOFTWARE"]=> string(125) "Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635" ["UNIQUE_ID"]=> string(24) "UYUNcUPeiDsAABkR2eYAAAAj" ["PHP_SELF"]=> string(12) "/referer.php" ["REQUEST_TIME"]=> int(1367674225) ["argv"]=> array(0) < >["argc"]=> int(0) > 

Источник

Getting the referrer URL in php ( including parameters )

Are there any HTTP Headers I could use to grab the entire referrer URL using a webserver/server-side scripting? Including query string, et cetera?

2 Answers 2

You should be able to grab it from the $_SERVER[‘HTTP_REFERER’] variable.

I’m aware of this but are there any more http headers, or any other techniques? I believe the referrer can manually modify this http header so I thought there was some other technique that was in use.

The referrer is sent by the Browser I believe. And either way, if someone modifies it, they are going to modify it and you can’t really do anything about it. Unperfect world, unfourtunatley.

To add to Chacha’s point, I don’t know if you want to capture the client side hash part of the referrer URL (sometimes, you do). I.e. if the client came from «http://www.domain.com?x=3#y=5», the $_SERVER[‘HTTP_REFERER’] will only contain «http://www.domain.com?x=3», and the hash part won’t be sent up to the server.

If you want to capture that hash part (officially called the URL fragment), you can only do so if the referring page is your OWN page — i.e. if you can write code on that page. If it is, just send up an AJAX request to your statistics web service that captures referrers, and send the entire URL up (javascript does have access to that part of the URL).

I’ll add that I’ve done some research, and there are claims that «some browsers» send the hash, but my testing shows that none of the «modern» browsers (that is, IE 6+, Safari 2+, Firefox 2+, Opera 9+, Chrome) send the hash.

This question is in a collective: a subcommunity defined by tags with relevant content and experts.

Источник

Determining Referer in PHP

What is the most reliable and secure way to determine what page either sent, or called (via AJAX), the current page. I don’t want to use the $_SERVER[‘HTTP_REFERER’] , because of the (lack of) reliability, and I need the page being called to only come from requests originating on my site.

Edit: I am looking to verify that a script that preforms a series of actions is being called from a page on my website.

The PHP implementation is reliable. The problem is that not ever browser is sending this, and you can even modify it if you like. So it is not reliable that is is correct from the client’s side.

A possible way is to put a unique key (eg. a GUID) in one field of your page, and send it back in the next request.

5 Answers 5

The REFERER is sent by the client’s browser as part of the HTTP protocol, and is therefore unreliable indeed. It might not be there, it might be forged, you just can’t trust it if it’s for security reasons.

If you want to verify if a request is coming from your site, well you can’t, but you can verify the user has been to your site and/or is authenticated. Cookies are sent in AJAX requests so you can rely on that.

If you want to use this method, you should still check the referrer as well to prevent CSRF en.wikipedia.org/wiki/Cross-site_request_forgery

Ideally you should use a unique token per session per user (per request if you’re paranoid) to prevent CSRF attacks. Checking the referrer is just security by obfuscation and not quite a real solution.

@Seldaek no, checking the referer is not ‘security by obfuscation’. An attacker trying to perform a CSRF attack cannot control the referer sent by the victim’s browser, so checking it does protect against CSRF. However, I’ll stand by your conclusion that you should use a CSRF token instead, since the referer-checking approach has disadvantages including leaving you vulnerable if you have an open redirect on your site and breaking for user agents that strip the referer.

@MarkAmery it all depends what you are trying to defend against of course, but using client-specific http headers is overall not a very strong security model.

Источник

Using the HTTP_REFERER variable with PHP

When a web browser moves from one website to another and between pages of a website, it can optionally pass the URL it came from. This is called the HTTP_REFERER, and this post looks at how to use this variable with PHP.

Overview of http referers

Most web browsers pass the HTTP_REFERER variable by default, but in many this behaviour can be changed to not show it or to pass something else instead. There is also 3rd party anti-spyware etc software that can be installed on a user’s computer which also prevents the referrer information from being passed to the web server. Because it can also be changed to something else, the HTTP_REFERER cannot be trusted, but it is still useful for working out where people have come from.

Appearance in log files

The following examples are from an Apache web server’s log files.

The first example shows what a log entry looks like from someone coming from this website’s homepage to this particular post. I have made the HTTP REFERER part of the log line bold (you’ll need to scroll to the right to see it).

192.168.1.10 - - [16/Apr/2008:16:12:36 +1200] "GET /php-http-referer-variable/ HTTP/1.1" 200 2014 "https://www.electrictoolbox.com/" Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.8 (like Gecko)"

The second example shows the same thing, but because it is represented by a – only it tells us the user has either gone directly to that page by typing the address in or using a bookmark etc, or is masking the HTTP REFERER with a browser option or a 3rd party tool.

192.168.1.10 - - [16/Apr/2008:16:12:36 +1200] "GET /php-http-referer-variable/ HTTP/1.1" 200 2014 "-" Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.8 (like Gecko)"

Using HTTP_REFERER in PHP

The HTTP REFERER in PHP is stored in the $_SERVER super global, and can be referenced from anywhere in your PHP code like in the following example, which would simply write it out to the browser:

If the HTTP_REFERER has been set then it will be displayed. If it is not then you won’t see anything. If it’s not set and you have error reporting set to show notices, you’ll see an error like this instead:

Notice: Undefined index: HTTP_REFERER in /path/to/filename.php on line 3

To prevent this error when notices are on (I always develop with notices on), you can do this:

if(isset($_SERVER[‘HTTP_REFERER’]))

echo isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

The use of the ? operator will return the first value after the ? if the condition is true and the second value if the condition is false. It can be useful to use when you are wanting to assign the value of the HTTP_REFERER to a variable. e.g.:

$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

Conclusion

It can be useful to use the HTTP_REFERER variable for logging etc purposes using the $_SERVER[‘HTTP_REFERER’] superglobal variable. However it is important to know it’s not always set so if you program with notices on then you’ll need to allow for this in your code. The above examples show one way of doing this.

Follow up posts

Have a read of my post titled «PHP: get keywords from search engine referer url» to find out how to use the HTTP_REFERER value to see what query string visitors have entered into a search engine.

Check Out These Related posts:

Источник

PHP referrer URL of a page

Referrer is the URL from where the visitor has arrived to the page. If you have reached here by clicking a link from google.com then google URL is the referrer for you in this page. We can find out the referrer by using PHP. This is useful for the webmasters to know where from the traffic to the site is coming. Which advertisement campaign is successful and which is not. We will also know the keywords used by the visitors in different search engines to arrive at the site. Here is the simple code to know the referrer in PHP

$ref=@$_SERVER[HTTP_REFERER]; echo "Referrer of this page = $ref ";

This is the code and here is your referer to this page
https://www.plus2net.com/

@ is used to suppress any error message is generated. You can remove it and check.

Breaking the referrer URL

https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=6&cad=rja&uact=8 &ved=0CD4QFjAF&url=http%3A%2F%2Fwww.plus2net.com%2Fphp_tutorial%2Fphp_ip.php &ei=GC6tVL_ECYObuQSOp4KIBA&usg=AFQjCNFqBr-A1sG3F2UoqzmqnGUYVTvb9Q&bvm=bv.83134100,d.c2E

We are interested to know how many visitors are arriving from Google or from any other search engines. So we will find out the host part from this URL by using parase_url() function. This function returns us an array of elements. Here is the code to display the array.

scheme -> http host -> www.google.co.in path -> /url query -> sa=t&rct=j&q=&esrc=s&source=web& cd=6&cad=rja&uact=8&ved=0CD4QFjAF& url=http%3A%2F%2Fwww.plus2net.com%2Fphp_tutorial%2Fphp_ip.php& ei=GC6tVL_ECYObuQSOp4KIBA&usg=AFQjCNFqBr-A1sG3F2UoqzmqnGUYVTvb9Q& bvm=bv.83134100,d.c2E 

We are interested in only the domain part of this so we can get the name of the site sending us the visitors like this.

We can store only this information in a table and find out the domains which are sending us the traffic.

You can create one application where we will store only the domain part of the referral site and prepare a report saying which site has send how many visitors to a page or site.

Storing referrer along with other data.

Google has recently changed to secured search where search words are encrypted so they are no longer passed to user sites. Before that it was easy to find out search keywords using referrer string.

Getting search query from referrer address.

If the search is not encrypted then we can get the search query from the referrer query string. For this we will use one Bing search as an example. First we will break the referred url by using parse_url function and take out the query string part. From the query string we will take out the text query part by using parse_str function.

$url="https://www.bing.com/search?q=php%20get%20ip%20and%20network&form=MB1078&mkt=es-ES&setlang=es-ES"; $details=parse_url($url); $query_string=$details[query]; $query=parse_str($query_string,$output); echo $output[q];

Same way you can find out the ip address of visitors to your site by using PHP. Click here to know the IP address by using PHP.

Some of the browsers setting can be changed to stop the browser from sending any referrer information. Read here to know how you can change the settings for FireFox browser for referrer.
← IP address and Geo Location of visitor Storing visitor details in MySQL table →

plus2net.com

Источник