Will this stop referer spoofing

Will this stop referer spoofing and protect content

         

eltreno

10:05 pm on Feb 27, 2007 (gmt 0)



Hello

I'm interested if someone can tell me if this idea will successfully stop referer spoofing.

As we know it's not hard

telnet
GET etc HTTP/blah
referer url etc
Thanks for coming!

But what if your page 'A' accepts only from referers from example.com, but has no hidden info. But it does set a session variable, like

$_SESSION['showcontent'] = 'yes';

Then on page 'A' you have a link to your content page, page 'B' with hidden protected content (Forgetting logged in users etc etc I know that's the best way, but looking at an easy work around)

Now page 'B' only shows protected content after checking:-

if ($_SESSION['showcontent'] == 'yes') {
    // show content
}

Would this be a reasonable work around, as I don't think you can pass a session across multiple telnet calls?

I'm not an expert on spoofing referers but have a situation where I would like to do something like this

So I am interested if spoofing is still possible to get content from page 'B', considering the above.

Thanks
eltreno

eelixduppy

10:41 pm on Feb 27, 2007 (gmt 0)



Your method seems like it would work a little better than just checking for a referrer, however, as a general rule of thumb, you shouldn't trust info that could potentially be altered by a user. Using both the referrer checking method and this one you have described will provide more "security", although not 100% foolproof.

If the content is truly meant to be hidden, then I'd go with a login system or an ID validation--something along those lines.
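
A model of the two-page flow discussed in this thread, added as an example and not code from either poster. It shows what the server can actually verify: the Referer value and the session cookie both arrive from the client, so the flag set on page 'A' travels with whoever returns the cookie, while a gate on a server-verified login does not open. The function names, the in-memory session store and the sample account are assumptions made for the illustration.

```python
import secrets

SESSIONS = {}                        # server-side session store: id -> data
USERS = {"alice": "correct horse"}   # constructed account; real systems store password hashes

def _session(headers):
    """Look up the session named by the client's cookie, or start a fresh one."""
    sid = headers.get("Cookie", "").removeprefix("sid=")
    if sid not in SESSIONS:          # unknown ids are never adopted
        sid = secrets.token_hex(16)
        SESSIONS[sid] = {}
    return sid, SESSIONS[sid]

def page_a(headers):
    """Page 'A' from the post: sets the flag when Referer names example.com."""
    sid, data = _session(headers)
    if headers.get("Referer", "").startswith("http://example.com/"):
        data["showcontent"] = "yes"
    return {"Set-Cookie": "sid=" + sid}

def page_b(headers):
    """Page 'B' from the post: shows content when the session flag is set."""
    _, data = _session(headers)
    return "protected content" if data.get("showcontent") == "yes" else "denied"

def login(headers, user, password):
    """Login gate: the session is marked only after a credential check."""
    expected = USERS.get(user)
    if expected is None or not secrets.compare_digest(expected, password):
        return None
    sid = secrets.token_hex(16)      # fresh session id on successful login
    SESSIONS[sid] = {"user": user}
    return {"Set-Cookie": "sid=" + sid}

def page_b_login(headers):
    """Page 'B' gated on a logged-in user instead of the referer-derived flag."""
    _, data = _session(headers)
    return "protected content" if "user" in data else "denied"

def two_requests(referer):
    """A client that sends a Referer value and returns the cookie it was given."""
    cookie = page_a({"Referer": referer})["Set-Cookie"]
    return page_b({"Cookie": cookie}), page_b_login({"Cookie": cookie})
```

The session flag is only as trustworthy as the Referer check that set it; the login gate depends on something the server checked itself.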