Welcome Guest, Not a member yet? Register   Sign In
Accept request from my app only


I have an application with codeigniter and the application just must respond requests from IP address or domain of the app.

How i can handle those parameters with codeigniter ?


[eluser]Colin Williams[/eluser]
You don't need CI's help (but it is there)

Plain PHP

$domain = $_SERVER['SERVER_NAME'];

With CI:

$ip = $this->input->server('REMOTE_ADDR');
$domain = $this->input->server('SERVER_NAME');

I'm not sure to what degree either of these can be spoofed, but you might want to research that.

You should really use a firewall for this.

I prefer to use tokenization to prevent this kind of activity. Its also useful for preventing double postage!

[eluser]Pascal Kriete[/eluser]
IP addresses are easy to spoof, particularly on packet level. The problem is that if you've spoofed the ip address you'll need to be around the server - usually in the same subnet - to catch the response.

I would go with a mix of ideas. Filter the ip (.htaccess filtering is easiest), and also send a unique token.
Most forms in your application should have a token anyways, to prevent csrf exploits.

Thanks for the replys Big Grin , i'll try block the external requests to app using the .htaccess file with this option
order deny,allow
deny from all
allow from .mydomain.com

If doesn't work i'll try with your examples, can post a example with token?

Examples with .htaccess


Thanks to all

.htaccess don't was usefully Sad now i'll try using tokens

Theme © iAndrew 2016 - Forum software by © MyBB