How to prevent access to script except for one IP in PHP?
Question
I have a static form on a server that does not support php:
<form action="http://otherserver.com/process_form.php"
I need the script on the file process_form.php to only be processed if the request is being sent by the static IP of the server on which the static form is hosted. How to do this?
If anyone other then that ip is attempting to request the script the script should be killed immediately.
2 answers
solution1
4 ACCPTED 2011-02-04 21:47:08
This will not work the way you want because the IP will be that of the client , never the server on which the form is hosted.
You are looking to test the
$_SERVER["HTTP_REFERER"]
header variable. That will tell you which page the originating form was hosted on - however, it is not safe. This header is set by the client, and can be freely manipulated.
solution2
1 2011-02-04 22:40:13
As Pekka noted, the HTTP referer can be easily spoofed. From a security perspective, this would not solve anything.
Also note that some clients and browser plugins set the referer to an empty string. Make sure that these can still access your form.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.