Inspect the referrer in PHP

星月不相逢 2020-12-06 00:44

Is it possible to check who is entering your website in PHP? I have a web application (written in PHP) that should only allow users entering from some particular websites.

4 answers
  •  春和景丽
    2020-12-06 00:53

    Yes, but keep in mind some proxies and other things strip this information out, and it can be easily forged. So never rely on it. For example, don't think your web app is secure from CSRF because you check the referrer to match your own server.

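    // The header is optional; fall back to '' so a missing Referer raises no undefined-index warning.
    $referringSite = $_SERVER['HTTP_REFERER'] ?? ''; // is that spelt wrong in PHP ?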
    

    If you want to only allow requests from a specific domain you'll need to parse some of the URL to get the top level domain. As I've learned more, this can be done with PHP's parse_url().

    As andyk points out in the comments, you will also have to allow for www.example.com and example.com.
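
The parse_url() approach from the answer above, as an added example that is not part of the original answer: it compares the parsed host exactly against an allow-list and treats the www. variant as the same site. The function names, the allow-list constant and all host names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list; both host names are placeholders.
const ALLOWED_REFERRER_HOSTS = ['example.com', 'partner.example'];

// Normalised host of a Referer value, or null when the header is
// missing, malformed, or not an http(s) URL.
function referrer_host(?string $referer): ?string
{
    if ($referer === null || $referer === '') {
        return null; // stripped by a proxy, or a direct visit
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    $host = rtrim(strtolower($parts['host']), '.');
    // Treat www.example.com and example.com as the same site.
    if (strncmp($host, 'www.', 4) === 0) {
        $host = substr($host, 4);
    }
    return $host;
}

function referrer_allowed(?string $referer, array $allowed = ALLOWED_REFERRER_HOSTS): bool
{
    $host = referrer_host($referer);
    // Exact match on the parsed host, never a substring search on the raw URL.
    return $host !== null && in_array($host, $allowed, true);
}

// Constructed sample values, not real traffic.
$samples = [
    'https://www.example.com/landing?x=1',     // www variant of an allowed host
    'http://example.com/',                     // bare allowed host
    'https://example.com.unrelated.test/',     // allowed name as a label of another host
    'https://unrelated.test/?ref=example.com', // allowed name only in the query string
    null,                                      // header absent
];
foreach ($samples as $s) {
    printf("%-42s %s\n", var_export($s, true), referrer_allowed($s) ? 'allow' : 'deny');
}
```

In a request handler the call would be `referrer_allowed($_SERVER['HTTP_REFERER'] ?? null)`. Because the client supplies the header, the result is a routing hint and not an access control.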
