Only allow a certain domain to access my php files
Question
I am trying to prevent a php file from being accessed directly through a browser or anything else, unless its coming from a authorised domain.
I used the php header Access-Control-Allow-Origin like this:
header('Access-Control-Allow-Origin: http://www.example.com');
But it still doesn't block direct access.
UPDATE:
I tried to .htaccess method:
order deny,allow
deny from all
allow from <your ip>
and this one too:
<RequireAll>
Require ip <your ip>
</RequireAll>
I also tried using both with domain names.
With this I managed to block direct access, but I also blocked my app from accessing it too.
I get:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
and I added:
header('Access-Control-Allow-Origin: myappdomain.com');
Still not working.
1 answers
solution1
1 2017-01-23 16:23:42
How about using $_SERVER['HTTP_REFERER'] ?
Sample code:
if($_SERVER['HTTP_REFERER'] !== 'gooddomain.com'){
die('Unauthorized access');
}
Although this can be manipulated or altered quite easily, unless you control both the sending and the receiving server there isn't much more you can do.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.