Hello, the only way we can do this is by using $_SERVER['HTTP_REFERER'] which sometimes need additional modifications if source location is in form of subdomain but since you want to allow access for users coming from facebook,com than it's ok.
Regards,
Anel