Accept request from my app only - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20) +--- Forum: Archived General Discussion (https://forum.codeigniter.com/forumdisplay.php?fid=21) +--- Thread: Accept request from my app only (/showthread.php?tid=11675) |
Accept request from my app only - El Forum - 09-18-2008 [eluser]psycho-vnz[/eluser] Hi, I have an application with codeigniter and the application just must respond requests from IP address or domain of the app. How i can handle those parameters with codeigniter ? Thanks. Accept request from my app only - El Forum - 09-19-2008 [eluser]Colin Williams[/eluser] You don't need CI's help (but it is there) Plain PHP Code: $ip = $_SERVER['REMOTE_ADDR']; With CI: Code: $ip = $this->input->server('REMOTE_ADDR'); I'm not sure to what degree either of these can be spoofed, but you might want to research that. Accept request from my app only - El Forum - 09-19-2008 [eluser]thurting[/eluser] You should really use a firewall for this. Accept request from my app only - El Forum - 09-19-2008 [eluser]drewbee[/eluser] I prefer to use tokenization to prevent this kind of activity. Its also useful for preventing double postage! Accept request from my app only - El Forum - 09-19-2008 [eluser]Pascal Kriete[/eluser] IP addresses are easy to spoof, particularly on packet level. The problem is that if you've spoofed the ip address you'll need to be around the server - usually in the same subnet - to catch the response. I would go with a mix of ideas. Filter the ip (.htaccess filtering is easiest), and also send a unique token. Most forms in your application should have a token anyways, to prevent csrf exploits. Accept request from my app only - El Forum - 09-19-2008 [eluser]psycho-vnz[/eluser] Thanks for the replys , i'll try block the external requests to app using the .htaccess file with this option Code: <Limit GET PUT POST> If doesn't work i'll try with your examples, can post a example with token? Examples with .htaccess http://www.md.chalmers.se/Support/Howtos/htaccess.thtml http://www.webmasterworld.com/apache/3537686.htm Thanks to all Accept request from my app only - El Forum - 09-20-2008 [eluser]psycho-vnz[/eluser] .htaccess don't was usefully now i'll try using tokens |