Solved

getenv("HTTP_REFERER") returns empty string!?

Posted on 2003-11-24
3
1,131 Views
Last Modified: 2013-12-12
mail("My  Name <me@domain.com>", date("D, M j, Y - h:i a T", time()), "Connection from " . getenv("REMOTE_HOST") . " referred by " . getenv("HTTP_REFERER"), "From: \"Server Access!\" <server@site_server.com>");

I put this on my index page to mail me whenever someone visits my site. The referer returns the URL of my own bookmarks page, sited on the same server as this site, but under a different virtual domain name, but when others visit the site, the referer is blank, perhaps an empty string or a NULL. Why is the referer not being detected? Is there a way to fix it? Bonus question: can I get the IP address resolved with a reverse domain name lookup directly inside this little script?
0
Comment
Question by:mschrimsher
  • 2
3 Comments
 
LVL 15

Accepted Solution

by:
JakobA earned 250 total points
ID: 9815394
when a page is reached through javascript  (fx  self.location.href="yourpage.html")  the HTTP_REFERER is empty.  if people are directed to your site from a google search HTTP_REFERER will be set only if googles server remebers to set it in a header before they redirect.

So you cannot expect referrer to always be set.

You should not fetch it with the getenv function though, use the $_SERVER array:

 mail("My  Name <me@domain.com>", date("D, M j, Y - h:i a T", time()), "Connection from " . getenv("REMOTE_HOST") . " referred by " . $_SERVER["HTTP_REFERER"], "From: \"Server Access!\" <server@site_server.com>");

regards JakobA
0
 
LVL 15

Expert Comment

by:JakobA
ID: 9815406
0
 

Author Comment

by:mschrimsher
ID: 9815426
Jakob: Thanks! I find that about half the referers are being reported now, so I guess I just had a run of bad luck in the beginning. I do get a lot of Google traffic due to AdSense, so that may be part of it--I will correlate the IP addresses to the blank referers and see if there's a pattern. The reference to $_SERVER that you sent said that it was a version 4.1 introduction, and I am using
a 3.x version of PHP now. My ISP offers 4.x as as module, and I have planned to move over for other reasons anyway, so when I do, I will change to $_SERVER. Thanks again!
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now