Comments for mod_access_referer

09 Jul 2000 14:03 inoshiro

Bad way of controlling access.
Restricting access via referrer is poor. Why? Because people will fake it to get at what they want. It's not hard. Plus any privacy programs (such as Junkbuster (http://www.waldherr.org/junkbuster/)) spoof the referrer. This leads to problems.

Sites such as Xoom, Angelfire, and Tom's Hardware are all unusable to me (and others) because they enforce "referrer checks" ... If I try to load a story page in Tom's hardware, I just get the "default" front page (and annoying hammer logoes everywhere). The web is about linking, yet this breaks it completely! I can't even point to a specific page of a story, let alone read it. I don't browse Tom's Hardware anymore, and I won't browse other sites which break because of the spoofed referrer.

My suggestion: enforce IP checks (has this IP been on another page in our site in the past few minutes? If Yes, ...). This is very easy to do with a little PHP or Perl code included in your pages, and could probably be written as a mod very easily. Your site would still work for privacy concious individuals, and deep linkers would have a bit more trouble accessing your content.

Screenshot

Project Spotlight

ReciJournal

An open, cross-platform journaling program.

Screenshot

Project Spotlight

Veusz

A scientific plotting package.