What I'm trying to do is use PHP to redirect from web site A to web site B (both are different domains), but I want the referrer in the HTTP headers to be set to web site A (the page that performed the redirect). So, that is, web site B will see web site A as a referrer.
You can use something like <meta http-equiv="refresh" content="1;url=http://siteb.net"> on your site A.
I'm pretty certain that the sending the referrer is ultimately up to the web browser, not PHP.
You could probably send the address via $_GET though.
Edit: You won't be able to change the referrer (misread the post, derp).
I've checked using localhost and a dummy script. The browser does send the referer in the HTTP even at redirections.
To test this, I created a script called testRefererRedirect.php:
<?php
if($_GET['a']){
if($_SERVER['HTTPS'] && $_SERVER['HTTPS'] != 'off'){
echo $_SERVER['HTTP_REFERER'];
}else{
header('Location: https://localhost/testrefererredirect.php?a=1');
}
}else{
echo 'test';
}
To emulate cross domains, I used HTTP and HTTPS for my local server.
On first load, the page will show a link: I will click this link to allow the browser to send the referer in the headers. Next, because I load the page initially in HTTP the header function will be called. Finally, the HTTP referer header meant for the 2nd step showed up in the 3rd step.
Conclusion
You can safely use $_SERVER['HTTP_REFERER'] on website B to capture the refer information meant for website A if you do redirection on website A.
Related
When I try to submit a form from Https to http it shows:
Form Insecure are you sure you want to submit?
when I submit the page, it starts loading and it hangs forever. This form submitting works on android PC and safari mac.
As I said in comments, change all instances of http:// to // for scripts, images, etc. they will automatically detect either protocol for the environment it's in.
If as you say it redirects to an https protocol rather than what you would like it to redirect to http, you can simply use a header or other form of redirection.
Examples:
header("Location: http://example.com/other_page.php");
exit; // This stops further execution
or a meta method:
<meta http-equiv="refresh" content="0;url=finalpage.html">
or Javacript:
window.location.replace("http://example.com/");
The above examples were pulled/borrowed from:
How to make a redirect in PHP?
there is a target site like https://target.com/ and i have hosted another site likehttp://mysites.com/index.php.
when users connect to my site i want to redirect them to the target site with manipulated Host header parameter(for example if in normal the host header is target.com i want the user request the redirected site with Host:google.com host header value).
what is the simple way to do it ??? i have already tried header in php and didnt get answer and i dont have enough knowledge to use cUrl to redirect users with new host header.
Redirect in PHP can be done with header function: http://php.net/manual/ru/function.header.php In your case it'll look like this:
header("Location: http://target.com/");
I've been trying to get the URL (including GET parameters) of a site that is displaying my image. This is because I want to extract one parameter of the URL.
A friend told me that she knew someone that could achieve this, but I don't know if he was doing it with an image. Also I don't think I can do it with a link because when going to external sites it will appear a warning page saying that you're being redirected outside, so if I put a link to my page and someone clicks, I will get the referrer URL of redirection warning page. I can't assure if my friend was telling the truth about this, but it's very likely that it was true.
All I could get with the image was the IP and other things of the HTTP header, but the referrer part is empty and I thought that the referrer contained the full URL I'm talking about.
This is what I have tried.
First the img tag in the other site in BBCode:
[img]http://______.com/get_image.php?i=myimage[/img]
And in my site this script in PHP, although any language that does the work would be good for me:
<?php
// Get name of image to be displayed (non-sanitized here for simplicity)
$filename = $_GET["i"];
// Here I want to get the site where image is being viewed
if (!empty($_SERVER['HTTP_REFERER'])) {
$visitor_url = $_SERVER['HTTP_REFERER'];
} else {
$visitor_url = "none";
}
// And write the referrer to a file just to test if it works
$fp = fopen('referer.txt', 'w');
fwrite($fp, $visitor_url);
fclose($fp);
// Eventually display the image
header('Content-Type: image/png');
readfile($filename . '.png');
?>
So my questions are:
Is it possible to get full URL of a site that is displaying my image?
If not, is there any other method to get the full URL?
Thank you in advance.
Note: I don't have any permision in the other site where I'm posting the image, I'm just an user there. Please tell me if I'm missing something or I have to ask this in another way, I'm new to StackOverflow.
Try REMOTE_HOST instead of HTTP_REFERER:
// Here I want to get the site where image is being viewed
if (!empty($_SERVER['REMOTE_HOST'])) {
$visitor_url = $_SERVER['REMOTE_HOST'];
} else {
$visitor_url = "none";
}
The web server where you are serving the image will need to be configured properly. If using Apache, this is with HostNameLookups On.
See http://php.net/manual/en/reserved.variables.server.php
Normally browsers are sending full referer with all URL components including query parameters - $_GET params. If they don't then there is no other way to achieve that URL while passing throught an image content.
Sometimes sending referer may be blocked, for eg. in some batch URL processing using some crawler like program/script or on some proxies.
In PHP receiving referer is done by $_SERVER['HTTP_REFERER'] because it's normally just http header from request and it's the only $_SERVER array key with referer info.
You added the .htaccess tag so I think you're using the Apache web server. If you'd like to prevent the issue entirely, you can disable hotlinking entirely by going one layer lower. Instead of managing in PHP, you can configure the web server to not serve content to domains other than the one you are hosting.
Check out the guide for more details.
I fixed this problem by switching my site (where image is hosted) to HTTPS. The code in my question was doing its job correctly.
It looks that HTTP_REFERER was blank because of it coming from an HTTPS site and my site being HTTP it would always send it blank. I was aware that it could be a problem, but didn't make much sense for me because HTTP_REFERER was also blank when coming from another HTTP site (which I think it's not normal) so I thought the error was in another place.
Usually HTTP_REFERER is sent when it comes from and goes to:
from HTTP to HTTP
from HTTPS to HTTPS
from HTTP to HTTPS
But it's not sent when it comes from and goes to:
from HTTPS to HTTP
And in my case, I don't know why, it wasn't being sent from HTTP to HTTP which was confusing me.
How can I check if I was redirected from another domain to page or opened directly in right domain?
Thanks for answer!
I assume from the tags, which you assigned that you own an server, running PHP and want to know whether the users, visiting your page are comming from a page belonging to your domain or from somewhere else.
This is normally stored in the referer header of an HTTP request.
Try accessing it in PHP with $_SERVER['HTTP_REFERER']
The variable should contain the whole path of the source page and you can extract the domain/hostname using parse_url()
Complete example:
<?php
$sourcehost = parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
?>
I tested it but ufortunately, after redirect 301 there is no data stored in the $_SERVER['HTTP_REFERER'] variable.
i would like to use HTTP_REFERER to send my own referer.
Like this http://mywebsite.com/spoof.php?newurl=anotherwebsite.com
this is what i have but doesn't work
spoof.php
<?php
$referer = (www.website.com, $_SERVER['HTTP_REFERER']);
?>
You want to send people to another url with a spoofed referer?
thats not possible.
The referrer is controlled by the client (ie. their browser).
http://en.wikipedia.org/wiki/HTTP_referrer
They send it to the new URL when you redirect them.
You can make a request with that PHP file using the spoofed header with cURL, but you can not send the client there.
Best you can do is echo a link with rel="noreferrer" and hope the user's browser supports it (and this only nulls the referrer, it doesn't change it). Or alternatively send the Location header which will turn the referrer to your site.
You can't override the referrer header that the user's browser sends. If you want to control the referrer header like that, then your only option is to send the request yourself, by doing either:
Have your server act as a proxy for the request. Construct a new HTTP request server-side, set the referrer header to whatever you want, and return the result to the client. Note that you will have to rewrite any relative URL's in the target site's markup if you want the page to display and function correctly for the user.
Create your own browser (or perhaps browser-plugin) and get people to use that. Then you can set headers however you want.