:redirect_to => :back only when HTTP[REFERER] available?

I've always solved it by intercepting the RedirectBackError and then either send the user to an error page if they shouldn't have accessed the link directly or to the home page if there's a chance they could access directly. You do this by overriding the rescue_action_in_public method.