Introduction to HTTP Referer

Search Sohu in Baidu, click the link in, grab the package information as follows:  get http://www.sohu.com/HTTP/1.1 Host:www.sohu.com Connection:keep-alive  user-agent:mozilla/5.0 (Windows NT 6.1; WOW64) applewebkit/535.4 (khtml, like Gecko) chrome/16.0.889.0 safari/535.4 accept:text/html,application/xhtml+ Xml,application/xml;q=0.9,*/*;q=0.8 referer: http://www.baidu.com/s?tn=baidusite&word=???  accept-encoding:gzip,deflate,sdch accept-language:zh-cn,zh;q=0.8 accept-charset:gbk,utf-8;q= 0.7,*;q=0.3 cookie:www1=w:1; vjuids=26e753894.132e8ab7273.0.c409be1c; Sci12=w:1; Ent12=w:1; Gn12=w:1; iploc=cn1200; suv=1110092031152327; Sohuhometab=visit:2; Turnad9=visit:3; Turnadzs19=visit:1; Turnadzs20=visit:2; Turnad351=visit:2; Turnad119=visit:1; Turnad118=visit:2; Turnad10=visit:2; Turnad120=visit:3; Turnad11=visit:2; Turnad414=visit:1; Turnad415=visit:1; Turnad349=visit:3; Turnadfankaniu=visit:2; Turnadab10e888e532c9887794784e83c9504c=visit:1; Www0=w:1; Full=w:1; Couplet=w:1; Tiyu11=w:1;Tiyu12=w:1; Vjlast=1318163543.1318741656.11 if-modified-since:sun, Oct 05:01:04 gmt  Where the red part is access to www.sohu.com, HTTP requests in the Referer, said through the Baidu search keyword ' Sohu ', click the link jump to.  http Referer is a part of the header, when the browser sends a request to the Web server, usually take referer, tell the server I was from which page link, the server can obtain some information for processing. For example, if you link to a friend from my home page, his server will be able to count the number of users who click on the link on my page to visit his website from HTTP Referer.  referer in fact should be the English word referrer, but there are too many misspelled people, so the people who write the standard will wrong.   about the use of HTTP Referer is very simple, the use of more occasions is used for page statistics, resources, such as anti-theft chain, but there is a point worth noting is: Referer is not safe, the client can be set to change the value in request, Try not to use it for safety verification and other aspects.  referer is not secure, the client can be set to change the value in the request, as far as possible not to be used for security verification and other aspects; The following describes a scenario in which Referer may appear empty by default:  1, the page jumps from HTTPS to HTTP, Should be in the security considerations, this point in the RFC-2616, the main browser adhere to this rule, such as IE, FF, but by default HTTPS to HTTPS will send Referer. &NBSP;2, enter the destination URL directly in the browser. &NBSP;3, since FF provides a very powerful custom parameter setting feature, we can modify the default settings for the following two options via the About:config page: Network.http.sendRefererHeader (default=2), Set the Referer send method, 0 is not sent at all, 1 is only sent when the link is clicked, when the image in the access page is not sent, 2 is always sent. Network.http.sendSecureXSiteReferrer (default=true), set whether to send referer,true for sending when accessing from one HTTPS to another HTTPS page, false to not send.  4, from the collection to visitAsk.  5, click ' Home ' or custom address  6, use JS to window.open and so on (and Location.href,location.replace ()).   in PHP, you can get the REFERER of HTTP via the predefined variable $_server, which is $_server[' http_referer '.  apache use Http_referer anti-theft chain  posted on October 16, 2011   Call Center Enterprise backend management system and the foreground agent system page has the audition and download function of call record recording, How do I not expose the recording address or the recording address when the user tries to listen and download the recording? This involves MP3, pictures and other resources of the anti-theft chain problem.   Simple, we can use the HTTP request header in the Referer judge, as long as the referer is the address of the internal Web site or a trusted address, you can access the appropriate resources. can be implemented via Apache's filesmatch configuration, added in Apache config file httpd.conf:  setenvifnocase Referer "^http://www.example.com" Local_ Ref=1 setenvifnocase Referer "^http://test.example.com" Local_ref=1 <filesmatch "\. (txt|doc|mp3|zip|rar|jpg|gif) ">     order allow,deny      Allow to request from Env=local_ref     #referer为www. example.com or test.example.com       allow from 127.0.0.1           #本机地址  </FilesMatch>   where the setenvif instruction sets the environment variable based on the client's request property, Setenvifnocase represents the variable when a condition is metAssignment, which is generally used in conjunction with other directives.   can also use regular expressions:  setenvif Referer "^http://(.) +\.ilinux\.cn/"Local_ref=1  setenvif Referer" ^http://(.) +\.isql\.cn/"Local_ref=1  setenvif Referer" ^http://(.) +\.other\.org\.cn/"Local_ref=1  setenvif Request_uri"/logo (.) + "Local_ref=0  <filesmatch" \. (Mp3|wmv|png|gif|jpg|jpeg|avi|bmp|ram|rmvb|rm|rar|zip|mp3) ">      order Allow, Deny      allow from Env=local_ref  </filesmatch>

The above configuration is also written to. Htaccess, there are also problems with the. htaccess file, such as performance. If you use a. htaccess file, Apache needs to find the file in each directory, and it must also look for it in all the more advanced directories, and you will need to read the. htaccess file each time a page is requested. Therefore, allowing the use of. htaccess files can result in degraded performance. For example, for a request to a page in/var/www/htdocs, Apache must look for the following files:/.htaccess/var/.htaccess/var/www/.htaccess/var/www/htdocs/.htaccess In general, it is more convenient and flexible to protect the website through the. htaccess. Finally can use Apache Mod_rewrite module and so on anti-theft chain.

Introduction to HTTP Referer