How to filter incoming links

One of my clients wanted a simple filter to alert visitors coming from specific websites that they (the other site/company) was in no way associated with my client and his/hers services/products. Without knowing the exact IP I had to rely on PHP’s HTTP_REFERER. This predefined variable can be somewhat unreliable as a hacker may insert a fake value or the browser doesn’t set it. However, for the average visitor and browser (user agent) it seams to work as intended.

In order to make it easy to maintain I created a small function including an array containing the blacklisted domains. To make it work you need to include it before the XHTML header on all the files you want protected.

The PHP filter code

$strRef 	= strtolower($_SERVER['HTTP_REFERER']);
$arrayBlackList = array("","");
function filterBadSites($string)
 	global $arrayBlackList;
 	$intBadSites = count($arrayBlackList);
 	$strBlock = false;
 	$i = 0;
 	while($i < $intBadSites)
 		if(stristr($string, $arrayBlackList[$i]) === FALSE) {
 		} else {
 		$strBlock = true;
 	$i ++;
 	return $strBlock;

$applyFilter = filterBadSites($strRef);

Calling the function (filerBadSites)

 if ($applyFilter) {
 	echo "<h1 style=\"color:red\">Important info!</h1>n";
 	echo "<p>Some warning to the visitor.</p>n";

Although it’s not a bulletproofed method it will provide some protection. If you need to completely block someone you need to apply an IP filter as described in my post “Blocking unwanted visitors“. The IP address should be available in your server log or from submitted forms where you’ve added code to collect this kind of information (like WordPress’ comment form).

If you know of a better way to implement this “filter” please don’t hesitate to contact me!

About Author

One Comment on “How to filter incoming links”

Comments are closed.