
HTTP Referrer

Learn how to handle HTTP referrer information in Iris.

Basic Referrer Handling

go
package main

import "github.com/kataras/iris/v12"

// main starts an Iris server on :8080 with one route that echoes the parsed
// referrer back to the caller as JSON.
func main() {
    app := iris.New()

    app.Get("/referrer", func(ctx iris.Context) {
        // GetReferrer returns the referrer Iris parsed for this request. The
        // value originates from the client, so treat it as untrusted input.
        ref := ctx.GetReferrer()

        payload := iris.Map{
            "referrer": ref.URL,
            "type":     ref.Type,
        }
        ctx.JSON(payload)
    })

    app.Listen(":8080")
}

Referrer Types

go
// Report which traffic category Iris assigned to the request's referrer.
app.Get("/referrer-type", func(ctx iris.Context) {
    var message string

    // The default branch handles every type not listed explicitly, so
    // "Direct traffic" is also the answer for any unrecognised type.
    switch ctx.GetReferrer().Type {
    case iris.ReferrerSearch:
        message = "Came from search engine"
    case iris.ReferrerSocial:
        message = "Came from social media"
    case iris.ReferrerIndirect:
        message = "Indirect traffic"
    case iris.ReferrerEmail:
        message = "Came from email"
    default:
        message = "Direct traffic"
    }

    ctx.WriteString(message)
})

Referrer Policy

go
// Attach a Referrer-Policy header to every response, then continue the chain.
app.Use(func(ctx iris.Context) {
    // Referrer-Policy tells the browser what to send as Referer on requests it
    // makes from this page; it does not change what this server receives.
    // strict-origin-when-cross-origin: full URL for same-origin requests, only
    // the origin for cross-origin ones, nothing on an HTTPS-to-HTTP downgrade.
    ctx.Header("Referrer-Policy", "strict-origin-when-cross-origin")
    ctx.Next()
})

app.Get("/secure", func(ctx iris.Context) {
    // Only the Indirect type is labelled external; every other value of Type
    // takes the second branch. The referrer is client-supplied, so this label
    // is suitable for analytics, not as an access-control decision.
    if ctx.GetReferrer().Type == iris.ReferrerIndirect {
        ctx.WriteString("External referrer")
        return
    }

    ctx.WriteString("Internal referrer")
})

Referrer Validation

go
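// validateReferrer reports whether the host of the request's referrer is one
// of the allowed domains, or a subdomain of one.
//
// The referrer is supplied by the client and can be forged or omitted, so this
// is a soft filter (for example against hotlinking), not authentication or
// CSRF protection on its own.
func validateReferrer(ctx iris.Context) bool {
    allowedDomains := []string{
        "example.com",
        "trusted-site.com",
    }

    // NOTE(review): assumes Referrer.URL holds the absolute referrer URL,
    // scheme included — confirm for the Iris version in use.
    host := referrerHost(ctx.GetReferrer().URL)
    if host == "" {
        // Missing or unparsable referrer: deny.
        return false
    }

    for _, domain := range allowedDomains {
        // Compare on a label boundary. A substring test would also accept
        // "example.com.other.test", or any URL that merely mentions an
        // allowed domain in its path or query string.
        if host == domain || strings.HasSuffix(host, "."+domain) {
            return true
        }
    }

    return false
}

// referrerHost returns the lower-cased host name of an absolute http(s) URL,
// without userinfo or port. It returns "" when no usable host name is present.
func referrerHost(rawURL string) string {
    scheme, rest, found := strings.Cut(rawURL, "://")
    if !found || !(strings.EqualFold(scheme, "http") || strings.EqualFold(scheme, "https")) {
        return ""
    }

    // The authority ends at the first path, query or fragment delimiter.
    if end := strings.IndexAny(rest, `/\?#`); end >= 0 {
        rest = rest[:end]
    }

    // Drop userinfo ("user:pass@host") so it cannot pose as the host.
    if at := strings.LastIndex(rest, "@"); at >= 0 {
        rest = rest[at+1:]
    }

    // Bracketed IP literals can never match a domain allowlist.
    if strings.HasPrefix(rest, "[") {
        return ""
    }

    // Strip the port, a trailing root dot, and normalise case.
    host, _, _ := strings.Cut(rest, ":")
    return strings.ToLower(strings.TrimSuffix(host, "."))
}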

// Serve /protected only when validateReferrer accepts the request's referrer;
// otherwise stop the handler chain with 403 Forbidden.
app.Get("/protected", func(ctx iris.Context) {
    // The referrer is sent by the client, so this gate filters casual
    // cross-site requests; it is not a substitute for authentication.
    if validateReferrer(ctx) {
        ctx.WriteString("Access granted")
        return
    }

    ctx.StopWithStatus(iris.StatusForbidden)
})

Best Practices

  1. Security:

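    • Validate referrers against an exact host allowlist, not a substring match
    • Set a proper Referrer-Policy
    • Handle missing values (the Referer header is optional and client-controlled)
    • Monitor access
    • Log suspicious patterns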
  2. Implementation:

    • Check all types
    • Handle empty values
    • Document policies
    • Test thoroughly
    • Follow standards
  3. Performance:

    • Cache validation
    • Optimize checks
    • Monitor impact
    • Handle timeouts
    • Clean resources
  4. Maintenance:

    • Update policies
    • Monitor usage
    • Document changes
    • Regular testing
    • Review security
