I'm trying to blocked website based proxy's. These are normally in the format of:
http://3.hidemyass.com/ip-8/encoded/Oi8vZ29kbGV5ZGVzaWduLmNvLnVrL0xDcmVkaXJlY3QvZnVuY3Rpb25zL2Z1bmN0aW9
My theory of blocking these is to get the URL of the address bar and check that it's actually direct access to my site, rather than visiting via a website proxy.
However, when i try to visit my site and attempt to capture the url of the user it still reports that its my sites url.. not this web based proxy one.
I've tried the following ways of detecting it:
$url= $_SERVER['HTTP_HOST']; //get the url
$url = $_SERVER["SERVER_NAME"];
any ideas on how to resolve this?
UPDATE
Ok i've rewrote part of this, however it always seems to be returning false... the $url is being passed correct as i can echo this out within the function. However it doesnt seem to be matching and returning false
<script>
var url = window.location.href;
<?php $url = "<script>document.write(url)</script>"; ?>
</script>
<?php
//
function checkURLIsSafe($url){
if(preg_match('/www/',$url)){
echo 'true';
} else {
echo 'false';
}
}
checkURLIsSafe($url);
?>
PHP runs on the server. It can only see the URL that was requested from it.
hidemyass.com will be requesting the normal URL from your server. There is no way to tell what URL the browser requested from hidemyass.com.
Approaches you could take include:
Checking the source ip against a list of known proxies
Using client-side JavaScript to read location.href
You cant do it with PHP only. What you can do is to check window.location.href with javascript, and if it's incorrect, send ajax request to server, which will block IP address.
Related
I've been trying to get the URL (including GET parameters) of a site that is displaying my image. This is because I want to extract one parameter of the URL.
A friend told me that she knew someone that could achieve this, but I don't know if he was doing it with an image. Also I don't think I can do it with a link because when going to external sites it will appear a warning page saying that you're being redirected outside, so if I put a link to my page and someone clicks, I will get the referrer URL of redirection warning page. I can't assure if my friend was telling the truth about this, but it's very likely that it was true.
All I could get with the image was the IP and other things of the HTTP header, but the referrer part is empty and I thought that the referrer contained the full URL I'm talking about.
This is what I have tried.
First the img tag in the other site in BBCode:
[img]http://______.com/get_image.php?i=myimage[/img]
And in my site this script in PHP, although any language that does the work would be good for me:
<?php
// Get name of image to be displayed (non-sanitized here for simplicity)
$filename = $_GET["i"];
// Here I want to get the site where image is being viewed
if (!empty($_SERVER['HTTP_REFERER'])) {
$visitor_url = $_SERVER['HTTP_REFERER'];
} else {
$visitor_url = "none";
}
// And write the referrer to a file just to test if it works
$fp = fopen('referer.txt', 'w');
fwrite($fp, $visitor_url);
fclose($fp);
// Eventually display the image
header('Content-Type: image/png');
readfile($filename . '.png');
?>
So my questions are:
Is it possible to get full URL of a site that is displaying my image?
If not, is there any other method to get the full URL?
Thank you in advance.
Note: I don't have any permision in the other site where I'm posting the image, I'm just an user there. Please tell me if I'm missing something or I have to ask this in another way, I'm new to StackOverflow.
Try REMOTE_HOST instead of HTTP_REFERER:
// Here I want to get the site where image is being viewed
if (!empty($_SERVER['REMOTE_HOST'])) {
$visitor_url = $_SERVER['REMOTE_HOST'];
} else {
$visitor_url = "none";
}
The web server where you are serving the image will need to be configured properly. If using Apache, this is with HostNameLookups On.
See http://php.net/manual/en/reserved.variables.server.php
Normally browsers are sending full referer with all URL components including query parameters - $_GET params. If they don't then there is no other way to achieve that URL while passing throught an image content.
Sometimes sending referer may be blocked, for eg. in some batch URL processing using some crawler like program/script or on some proxies.
In PHP receiving referer is done by $_SERVER['HTTP_REFERER'] because it's normally just http header from request and it's the only $_SERVER array key with referer info.
You added the .htaccess tag so I think you're using the Apache web server. If you'd like to prevent the issue entirely, you can disable hotlinking entirely by going one layer lower. Instead of managing in PHP, you can configure the web server to not serve content to domains other than the one you are hosting.
Check out the guide for more details.
I fixed this problem by switching my site (where image is hosted) to HTTPS. The code in my question was doing its job correctly.
It looks that HTTP_REFERER was blank because of it coming from an HTTPS site and my site being HTTP it would always send it blank. I was aware that it could be a problem, but didn't make much sense for me because HTTP_REFERER was also blank when coming from another HTTP site (which I think it's not normal) so I thought the error was in another place.
Usually HTTP_REFERER is sent when it comes from and goes to:
from HTTP to HTTP
from HTTPS to HTTPS
from HTTP to HTTPS
But it's not sent when it comes from and goes to:
from HTTPS to HTTP
And in my case, I don't know why, it wasn't being sent from HTTP to HTTP which was confusing me.
Hi guys hope you can help me with this. I want to get the "Domain name" of the requesting application from my API. Example:
Requesting url:
http://myrequestor.com/
API /Application URL:
http://myapi.com/request/validate/
Now on my validate function whenever an external application request something from the API URL I would like to retrieve the Domain name of the requesting application. Its something like I would like to know if the domain name requesting for it is among the blacklisted application.
Any idea guys? sorry for the confusing question.
Use $_SERVER["HTTP_REFERER"] - But not always set, can be manipulated, and not reliable. (Same goes for other HTTP headers)
<?php
if (array_key_exists('HTTP_REFERER', $_SERVER)){
//do your validation
if (in_array($_SERVER["HTTP_REFERER"], $myBlacklistDomains)){
//fail
}
}
else{
//fail?
}
?>
You should use php's SERVER function. Have a look at this. PHP SERVER .
You can use HTTP_REFERER in PHP.
The HTTP REFERER in PHP is stored in the $_SERVER super global, and can be referenced from anywhere in your PHP code like in the following example, which would simply write it out to the browser:
<?php
echo $_SERVER['HTTP_REFERER']; //Print the URL address from where user opens your link.
?>
Also check this link for more details : http://www.electrictoolbox.com/php-http-referer-variable/
I was wondering if it's possible to take a url request from an external server, process, and then return to the requester a different url. (specifically a media file)
For example: www.example.com/index.php?var1=blue&var2=green
I'd like to be able to use that url to access a media file hosted on the example.com server. I don't have access to code on the requesting site, so my php site index.php will need to take that url request and process based on the get vars, and the correct media file will be presented to the external site.
How about doing a redirect using header:
if (isset($_GET["var1"]) && $_GET["var1"] === "blue"){
header('Location: YOUR_BLUE_CONDITION_URL');
}else if (isset($_GET["var2"]) && $_GET["var2"] === "green"){
header('Location: YOUR_GREEN_CONDITION_URL');
}
As #Fred noted below, make sure you do not output anything prior to modifying the headers.
Im new to this and im trying to rewrite URL so that utm_expid is hidden so if my url is:
http://www.myweb.com/?utm_expid=67183125-2
how would i make it so when user visits
myweb.com
it does not show utm_expid in url
Is this possible using PHP/JS?
NOTE: i cant use RUBY or any other languages except PHP/JS/HTML
There is a way. Just redirect the page to base url once the utm_expid=67183125-2 is got. ie,
if($_GET['utm_expid']) { //header to redirect to myweb.com }
Its a tricky way. Hope you are permitted to use it.
Just start a session and store value in session variable. you can regain it even page is re directed.
ie
<?php
session_start();
if($_GET['utm_expid']) {
$_SESSION['variable_name']=$_GET['utm_expid']
//header to redirect to myweb.com
}
?>
Let me add this Javascript trick that is server agnostic.
if (location.search.indexOf('utm_expid') > -1) {
history.replaceState('page', 'Title', '/')
}
I recommend you to place it at the end of the body.
If you wanted a clean URL (as you do for branding and manual sharing purposes), I'd script it so that you load a full page iFrame which loads the gA test queried URL. That way the user see s the clean URL in the address bar and still see the experiment.
You could use PHP to set up your index page (or any server side, or even client side script).
a website has used a "301 permanent redirect" to my site is there a way i can set code that detects this and displays a page when my website is accessed through this?
Does anyone have any idea about this?
You can get only a referer. I think you will not be able to get the http status code on server which the client gets during last request.
So my answer is NO, you cannot get the 301 status code on your server.
But you can do a little of needed magic with referer variable.
e.g. in PHP you can read this:
$_SERVER['HTTP_REFERER'];
Not much you can do. If you were doing the 301, you could set the referrer to the querystring. But since you're not, you can only grab what the request has given you.
You can try using PHP's $_SERVER['HTTP_REFERER'] to track the source URL from where your visitor comes from. I think it's a bit dodgy though and might not yield the same result in all browsers. Even PHP's documentation says 'it cannot really be trusted'.
Why do you have to use .htaccess for the redirect? You could do something like this:
Site A's index.php:
header("Location: http://siteb.com/?ref=".urlencode('http://sitea.com');
Site B's index.php:
if(isset($_GET['ref']))
{
if($_GET['ref']=='http://sitea.com')
{
// Do something
}
}
Edit:
If you can't edit Site A's code or server settings, try using:
if($_SERVER['HTTP_REFERER']=='http://sitea.com')
{
// Do something
}