Admin CP & $_SERVER['HTTP_REFERER']


James Birkett
09-19-2009, 10:21 PM
Is there a method of making the only means of accessing the admincp and modcp directories via a referrer from that direct URL?

if($_SERVER['HTTP_REFERER'] != "http://www.example.com/*"){
    header("location: http://www.example.com/");
    exit; // stop the script here so nothing after the redirect runs
}


Is this method reliable? Does vBulletin send referring headers by default? And can you use wildcards (like I did above)?

Adrian Schneider
09-19-2009, 11:13 PM
For security?

It's easy to spoof the referrer, so it's not reliable at all. AFAIK not all browsers send the header either (though most do).

If you wanted a wildcard, you could use another function like strpos.

if (strpos($_SERVER['HTTP_REFERER'], 'http://www.example.com') !== 0) {

}

Translates to, if referer string does NOT start with "http://www.example.com" then...

Anyway, not recommended if this is a preemptive strike for security.
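
Added example, not part of the original posts and not vBulletin code: the literal comparison from the first post, the strpos() prefix check from the reply, and a stricter host comparison, run over constructed Referer values. The function names and the sample values are hypothetical.

```php
<?php
// Added example: compares three referer checks on constructed header values.
// The function names and sample values are hypothetical, not vBulletin code.

// The comparison from the first post: '*' is compared literally, not as a wildcard.
function literal_check(?string $referer): bool
{
    return $referer === "http://www.example.com/*";
}

// The strpos() prefix check from the reply.
function prefix_check(?string $referer): bool
{
    return $referer !== null && strpos($referer, 'http://www.example.com') === 0;
}

// Stricter variant: parse the URL and compare scheme and host exactly.
function host_check(?string $referer): bool
{
    if ($referer === null) {
        return false;
    }
    $parts = parse_url($referer);
    return is_array($parts)
        && ($parts['scheme'] ?? '') === 'http'
        && strtolower($parts['host'] ?? '') === 'www.example.com';
}

// Constructed sample values for the Referer header (null = header not sent).
$samples = [
    'http://www.example.com/admincp/index.php',   // link from the site itself
    'http://www.example.com.other.test/page',     // different host, same prefix
    null,                                         // browser or proxy omitted it
];

foreach ($samples as $referer) {
    printf(
        "%-45s literal=%s prefix=%s host=%s\n",
        $referer ?? '(no header)',
        var_export(literal_check($referer), true),
        var_export(prefix_check($referer), true),
        var_export(host_check($referer), true)
    );
}
```

All three functions read a value the client chooses, so even host_check() only filters accidental links and does not replace the admin login as the access control.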

James Birkett
09-20-2009, 01:27 AM
It was just as a basic attempt to stop people directly linking to our admin CPs (i.e. having to log in first), then I would create a script to stop users & mods getting to the admin CP.