Http_referer

[ajc]

My site uses the PHP variable $HTTP_REFERER to provide a link back to the calling page. This worked fine, but now the server has been upgraded to 4.1.2 it seems to have stopped working.

If I look at phpinfo on my domain the variable is not shown. Where has it gone, and what can I do to recover it ?

Has anyone else noticed this problem ?

Allen

[ajc]

Doesn't anyone else use HTTP_REFERER in PHP ?

Allen

[ajc]

This is the reply I got from a trouble ticket:

Hello Allen,
We have turned HTTP_REFERER off on all of the servers because it causes high server.

Allen

[Jim Dam]

$HTTP_REFERER works on my site (well, in the form $_SERVER['HTTP_REFERER'] at least).

[ajc]

Jim,

What server are you on ?
I put the $_SERVER['HTTP_REFERER'] form into a PHP that I link to from http://www.mavis-crafts.com/test.html, but nothing gets displayed. The code I use in the PHP page is:

<?php echo $_SERVER['HTTP_REFERER']; ?>

Is there anything wrong with that ?

Allen

[Jim Dam]

Actually, I don't know which server I'm on right now. I'll try to find out.

But, I believe it might be your browser, for this is what I see when I go to that page and click the link:
http://www.mavis-crafts.com/test.html

What browser are you using? I am using Internet Explorer 6 on Windows XP, and I believe referer works in most browsers, but not all.

[JoeF]

Quote:

Hello Allen,
We have turned HTTP_REFERER off on all of the servers because it causes high server.

LMAO, it causes the server to smoke pot or do crack or something?

[ajc]

I am using IE6 on Windows XP professional. I seems to work okay from another machine using IE5 and Windows NT4. So it looks like it is an environmental thing.

I also have ZoneAlarm Pro and Norton Antivirus 2002 running. I'm not sure if these could be affecting the setup.

Allen

[top5mov]

firewalls like ZoneAlarm or Norton can prevent the HTTP_REFERER from being included in http headers.

as a replacement for the referer variable, a cookie indicating the previous page could be used. basically, every page on your site would read a cookie called, say, "previousPage" and use that as the input for the "back" link. then, write the name of the current page to the "previousPage" cookie, so that the next page you load will know you came from the current page.

obviously, that only works for returning visitors to other parts of your own site, but at least it's an option.

[ajc]

Of course this assumes that all users accept cookies. The other way would be to send it as part of the query string (since it is going to a PHP script).

[ajc]

After have a play with Zonealarm Pro I found the source of my problem. The firewall was set-up to remove what it calls 'private header information'. This seems to remove the referer information.

The trouble now is that I need a solution as anyone using my site could be having problems due to this 'feature'.

I think the only reliable solution is to pass the page as a parameter in the query string.

Any better solutions ?

Allen