Difficulties in storing referring site name and ip address
Question
My scenario is this : 1st site sends a request with various parameters as query strings by php curl to 2nd site. 2nd site class method handles the request with various comparisons on the incoming parameters and stores some data in table along with referring site(1st site) name and IP address by this way -
$url = parse_url($_SERVER['HTTP_REFERER']);
$ref_site = $url['host'];
$ref_site_ip = gethostbyname($ref_site);
But it's not working in my production server when i was testing it, there is no value for $ref_site and $ref_site_ip variables meaning $_SERVER['HTTP_REFERER'] is not working for many reasons, may be for 1st site's curl request....
does following works properly ?
$_SERVER['REMOTE_ADDR'], $_SERVER['REMOTE_HOST']
It's look like by $_SERVER['REMOTE_ADDR'] i saw a IP address which i did not verify fully for whether it's referring site(1st site) ip or 2nd site ip, i will update about it soon if possible.
Now what other ways i can get referring site name and IP certainly ?
FYI I will have no control on 1st site codes because those sites will be of various users and those site codes used curl to send request which i definitely know coz those are my known cms site.
1 answers
solution1
0 2017-05-26 13:34:25
You can use IP protection later in .htaccess like this.
This will block all files in folder cron
<FilesMatch "cron\.php$">
Order deny,allow
Deny from all
Allow from 10.0.0.0/24
</FilesMatch>
This will only block files with name cron.php
<Files "cron.php">
Order deny,allow
Deny from all
Allow from 10.0.0.0/24
</Files>
Now to your security. The best way would be to create hash for every query. For instance in the file that send request.
$time = time();
$secret = 'MySecretWord';
// Your IP address that will be detected in $_SERVER['REMOTE_ADDR'] on accepting server
$ip = '10.10.10.10';
$hash = md5($time.$ip.$secret);
Now you include this $hash and $time into GET request. And on accepting site
$ip = $_SERVER['REMOTE_ADDR']
$time = $_GET['time'];
$secret = 'MySecretWord';
$hash = md5($time.$ip.$secret);
if($hash != $_GET['hash'])
{
echo "Back off a*hole!";
exit;
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.