Remember that the referer information is still sent by the client,
and thus cannot be trusted (unless you assume that a cracker
would *only* use a compliant browser to attack your system). If
someone is trying to crack your site, this approach will not fully
prevent them from doing so.