Accepting get/post requests only from localhost

Question

Because the data size isn't little that my web app needs to load, it gets pretty slow some times so therefor I decided to add some jQuery ajax functions to load certain data upon request and then save it in a cache.

What I would like to know is how can I limit any GET or POST requests only from localhost/same server/same ip so I can avoid any calls from outside to my app?

That means that my php functions that returns data, should return data only if requested from localhost.

My web app runs on CodeIgniter's framework and my web server's configuration is a LAMP running on ubuntu.

Any ideas?

Answer 1

in the constructor you could use

if ($_SERVER['SERVER_ADDR'] != $_SERVER['REMOTE_ADDR']){
  $this->output->set_status_header(400, 'No Remote Access Allowed');
  exit; //just for good measure
}

However if this method isnt what you're looking for.. use .htaccess you can perform a quick google search to return a specific example for denying get/post to all and then allow for 127.0.0.1/localhost.

Answer 2

Using .htaccess is probably the best way, allow only from your local address and 127.0.0.1. I found this example at petergasser.com and changed it only slightly:

AuthName "bla"  
AuthType Basic  
<Limit GET POST>  
order deny,allow  
deny from all 
allow from 127.0.0.1
allow from <your-ip-here>
</Limit>  

Answer 3

I use like this, thanks to @gorelative

if( 
isset($_SERVER['REMOTE_ADDR']) AND ( $_SERVER['REMOTE_ADDR'] !== $_SERVER['SERVER_ADDR'] )
){
 die(' Access Denied, Your IP: ' . $_SERVER['REMOTE_ADDR'] );
}

Answer 4

Use a key (think of API keys) to send along the request to your server. Then on your server you check that key and if it's the right one you return data.