Accept request from my app only
#1

[eluser]psycho-vnz[/eluser]
Hi,

I have an application built with CodeIgniter, and the application must respond only to requests from the IP address or domain of the app.

How can I handle those parameters with CodeIgniter?

Thanks.
#2

[eluser]Colin Williams[/eluser]
You don't need CI's help (but it is there)

Plain PHP

Code:
$ip = $_SERVER['REMOTE_ADDR'];
$domain = $_SERVER['SERVER_NAME'];

With CI:

Code:
$ip = $this->input->server('REMOTE_ADDR');
$domain = $this->input->server('SERVER_NAME');

I'm not sure to what degree either of these can be spoofed, but you might want to research that.
#3

[eluser]thurting[/eluser]
You should really use a firewall for this.
#4

[eluser]drewbee[/eluser]
I prefer to use tokenization to prevent this kind of activity. It's also useful for preventing double postage!
#5

[eluser]Pascal Kriete[/eluser]
IP addresses are easy to spoof, particularly at the packet level. The problem is that if you've spoofed the IP address you'll need to be around the server - usually in the same subnet - to catch the response.

I would go with a mix of ideas. Filter the IP (.htaccess filtering is easiest), and also send a unique token.
Most forms in your application should have a token anyway, to prevent CSRF exploits.
#6

[eluser]psycho-vnz[/eluser]
Thanks for the replies, I'll try to block the external requests to the app using the .htaccess file with this option
Code:
<Limit GET PUT POST>
order deny,allow
deny from all
allow from .mydomain.com
</Limit>

If it doesn't work I'll try your examples. Can you post an example with a token?

Examples with .htaccess

http://www.md.chalmers.se/Support/Howtos/htaccess.thtml
http://www.webmasterworld.com/apache/3537686.htm

Thanks to all
#7

[eluser]psycho-vnz[/eluser]
.htaccess wasn't useful, so now I'll try using tokens.
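
The token approach suggested in posts #4 and #5, as an added example that is not part of the original thread: a single-use, per-session form token in plain PHP, which rejects both forged submissions and double posts. The function names, the `form_tokens` session key and the 15-minute lifetime are assumptions; in a real request you would pass `$_SESSION` (after `session_start()`) instead of the demo array.

```php
<?php
// Added example, not code from the thread. issue_token(), consume_token()
// and the 'form_tokens' key are hypothetical names. Requires PHP 7+.

const TOKEN_TTL = 900; // seconds a token stays valid (assumed value)

// Create a random token, remember it server-side, and return it so the
// view can place it in a hidden form field.
function issue_token(array &$session): string
{
    $token = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG
    $session['form_tokens'][$token] = time() + TOKEN_TTL;
    return $token;
}

// Accept a submitted token once: it must be known and unexpired, and it is
// deleted on use so a replayed or double-submitted form is rejected.
function consume_token(array &$session, $submitted): bool
{
    if (!is_string($submitted) || $submitted === '') {
        return false;
    }
    $now = time();
    $valid = false;
    foreach ($session['form_tokens'] ?? [] as $known => $expires) {
        if ($expires < $now) {
            unset($session['form_tokens'][$known]);   // drop stale tokens
        } elseif (hash_equals((string) $known, $submitted)) {
            unset($session['form_tokens'][$known]);   // single use
            $valid = true;
        }
    }
    return $valid;
}

// Constructed demo: a plain array stands in for $_SESSION.
$session = [];
$token = issue_token($session);
var_dump(consume_token($session, $token));    // first submit of the form
var_dump(consume_token($session, $token));    // same token again (double post)
var_dump(consume_token($session, 'forged'));  // token the server never issued
```

On the POST handler, call `consume_token()` before doing any work and refuse the request when it returns false.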



