Document referer

Hi, I want to allow only a handful of refering sites to access parts
of my application.

I understand that in rails I can use request.referer which does
identify the refering site correctly however is it possible for the
less desirable to "spoof" this in order to access the app.

If so is there any other way of protecting the app.

Thanks in advance.
Steve