简体繁体 English

需要帮忙。我需要根据推荐人定向传入流量

[英]Need Help. I need to direct incoming traffic based on Referer

原文 2012-12-03 01:12:56 9 2 java/ javascript/ referer

So here's the deal. 所以这是交易。

I have a public page, that I cannot restrict to members only, that I need to check the incoming referer URL, and route traffic if coming from the proper domain. 我有一个公共页面，我不能只限于成员，我需要检查传入的引荐来源网址，如果来自正确的域，则要路由流量。 All other traffic, to be routed to an off site landing page. 所有其他流量将被路由到场外登陆页面。

E Commerce sales promotion between 2 companies, I only want to allow those who are coming in from the approved url. 两家公司之间的电子商务促销活动，我只想允许那些来自批准网址的人进入。

I would've tried to do this with robots.txt, but in this case I don't have access to that file (thanks to the CMS I'm using). 我会尝试使用robots.txt进行此操作，但在这种情况下，我无权访问该文件（由于使用的是CMS）。

I am pretty much forced to do this with Java. 我几乎不得不用Java做到这一点。 Any help is very much appreciated. 很感谢任何形式的帮助。

2 个解决方案

Referer in on-page Javascript is a very insecure way of doing things - for a start it will be world-readable. 页面Javascript中的引荐是一种非常不安全的处理方式-首先，它是世界范围内可读的。 If security is not a prime concern but you want something better than JS, I'd head to the web server and do it in .htaccess or the equivalent Question #10171698 如果安全不是主要问题，但是您想要比JS更好的东西，那么我将转到Web服务器，并使用.htaccess或等效的问题＃10171698

From Java use String referer = request.getHeader("referer"); 从Java使用String referer = request.getHeader("referer"); where request is an instance of type javax.servlet.http.HttpServletRequest . 其中request是类型javax.servlet.http.HttpServletRequest的实例。

As others have noted, spoofing the referer is trivial and shouldn't be your only form of security. 正如其他人指出的那样，欺骗引荐来源是微不足道的，并且不应该是您唯一的安全形式。