Accept request from my app only |
[eluser]psycho-vnz[/eluser]
Hi, I have an application with codeigniter and the application just must respond requests from IP address or domain of the app. How i can handle those parameters with codeigniter ? Thanks.
[eluser]Colin Williams[/eluser]
You don't need CI's help (but it is there) Plain PHP Code: $ip = $_SERVER['REMOTE_ADDR']; With CI: Code: $ip = $this->input->server('REMOTE_ADDR'); I'm not sure to what degree either of these can be spoofed, but you might want to research that.
[eluser]drewbee[/eluser]
I prefer to use tokenization to prevent this kind of activity. Its also useful for preventing double postage!
[eluser]Pascal Kriete[/eluser]
IP addresses are easy to spoof, particularly on packet level. The problem is that if you've spoofed the ip address you'll need to be around the server - usually in the same subnet - to catch the response. I would go with a mix of ideas. Filter the ip (.htaccess filtering is easiest), and also send a unique token. Most forms in your application should have a token anyways, to prevent csrf exploits.
[eluser]psycho-vnz[/eluser]
Thanks for the replys , i'll try block the external requests to app using the .htaccess file with this option Code: <Limit GET PUT POST> If doesn't work i'll try with your examples, can post a example with token? Examples with .htaccess http://www.md.chalmers.se/Support/Howtos/htaccess.thtml http://www.webmasterworld.com/apache/3537686.htm Thanks to all
[eluser]psycho-vnz[/eluser]
.htaccess don't was usefully now i'll try using tokens |
Welcome Guest, Not a member yet? Register Sign In |