HTML:请求 - 响应重定向
假设我有一个网站 www.mySite.com
,并且有很多页面的链接为 www.mySite.com\contact.php
和 www。 mySite.com\about.php
。
如果我希望当有人输入像 www.mySite.com\about.php
这样的直接链接而不是打开该页面时,它应该转到页面 myPolicy.php
并那么 myPolicy.php
可能\可能不会将用户引向请求的页面...
如何做
我认为的一种方法是拥有一个 PHP 页面 myPolicy .php
并在每个页面的开头包含\require它,这样我就可以决定是否继续请求的页面或重定向到其他地方......
可以吗?
对于这种事情有更好的方法或最佳实践吗?
Lets say I have a website www.mySite.com
and there are a lot of pages whose links are www.mySite.com\contact.php
and www.mySite.com\about.php
.
What if I want that when someone enters a direct link like www.mySite.com\about.php
instead of opening that page it should go to a page myPolicy.php
and then myPolicy.php
may\may not refer the user to the requested page....
HOW to do IT
One method I thought is have a PHP page myPolicy.php
and include\require it in beginning of every page so than I can decide weather to continue the requested page or redirect somewhere else or not....
Is that okay?
Is there a better way or some best practice for this kind of thingy?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
如果您不需要太多的安全性,您可以这样做:
这个
$_SERVER['HTTP_REFERER']
不能被依赖,因为它是由浏览器提供的并且可以轻松更改。如果你想得到保证,你就必须想出更好的策略。例如,您可以使用登录系统。你必须明白,对于服务器来说,用户点击链接和用户请求 URL(写下来)是同一件事。您依赖浏览器信息(例如
$_SERVER['HTTP_REFERER']
)只是为了可用性,而不是安全性。if you don't need much security you could just do:
this
$_SERVER['HTTP_REFERER']
can't be relied since it's provided by the browser and can be easily changed.if you want assurance on that you will have to think of the better strategy. you could use a login system for example. you have to understand that for the server, a user clicking a link and a user requesting a url (writing it down) is just the same thing. you count on the browser info (like
$_SERVER['HTTP_REFERER']
) just for usability, not security.您可以要求存在 cookie,如果不存在则进行重定向,然后在 myPolicy 页面上设置 cookie。
但是,我强烈建议不要这样做。您将使您的网站无法被搜索引擎访问、无法在阻止 cookie(或引用网站,如果您这样做的话)的浏览器上无法使用、无法缓存且不利于深度链接(大多数网站都会欢迎这种方式)。
这不是一种普遍接受的做法,也不可能使“使用条款”更具法律约束力。
You could require a cookie be present, redirect if it isn't, and set the cookie on the myPolicy page.
However, I would strongly advise against doing this. You will be making your site inaccessible to search engines, unusable on browsers that block cookies (or referrers, if you did it that way), uncacheable and hostile to deep-linking (which most sites would welcome).
This is not a commonly accepted practice and it is unlikely to make ‘terms of use’ any more legally binding.