:redirect_to => :back only when HTTP[REFERER] available?

I've always solved it by intercepting the RedirectBackError and then
either send the user to an error page if they shouldn't have accessed
the link directly or to the home page if there's a chance they could
access directly.
You do this by overriding the rescue_action_in_public method.