English
English
The jump source is usually passed through the Referer field of the HTTP request header, which contains the page URL where the user was before accessing the current page. For example, when a user clicks a link from Website A to Website B, the server side of Website B can read the URL of Website A through $_SERVER['HTTP_REFERER'] .
However, it is important to note:
Referer doesn't necessarily send, and some browsers or plugins may disable it.
Referer may be forged and therefore cannot be trusted completely.
The parse_url function can decompose URLs into components, such as scheme (protocol), host (domain name), path (path), etc. The return result is an associative array that facilitates us to judge different parts of the URL.
$url = "https://gitbox.net/path/to/page?query=123";
$parsed = parse_url($url);
print_r($parsed);
Output:
Array
(
[scheme] => https
[host] => gitbox.net
[path] => /path/to/page
[query] => query=123
)
The following example shows how to use PHP to detect the jump source and determine whether it comes from a specified domain name (such as gitbox.net ):
<?php
// Get HTTP_REFERER
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if (empty($referer)) {
echo "No source information,Maybe direct access or browser disabled Referer。";
exit;
}
// Analyze the source URL
$parsedUrl = parse_url($referer);
// Determine whether it contains host
if (!isset($parsedUrl['host'])) {
echo "source URL Incorrect format。";
exit;
}
// 指定允许的source域名
$allowedDomains = ['gitbox.net'];
// 判断source是否在允许列表中
if (in_array($parsedUrl['host'], $allowedDomains)) {
echo "访问source于可信域名:" . htmlspecialchars($parsedUrl['host']);
// Here you can do subsequent logical processing,If access or logging is allowed
} else {
echo "访问source不可信,source域名:" . htmlspecialchars($parsedUrl['host']);
// Can be used for jump、Access denied, etc.
}
?>
Safety considerations <br> You cannot rely entirely on Referer for security judgments. It is recommended to cooperate with other means, such as login verification, Token verification, etc.
Multi-domain name support
The $allowedDomains array can add multiple domain names and support multiple trusted sources.
Performance optimization
parse_url is simple to process, has low performance overhead, and is suitable for high-frequency calls.
Using PHP's parse_url function, you can easily parse the source URL of the jump link, and realize the detection and filtering of the jump source. Combined with the Referer in the HTTP request header, developers can more flexibly manage access permissions and user behavior analysis.
In actual projects, you can also make more granular judgments on the sources based on business needs to improve website security and user experience.
