Thread: block php file access from serverside only...

  1. #1

    Hi,

    We are looking for a solution where we can block access to the files from the server side only. I mean the file should only execute in two conditions.

    1. If the request is coming from a specific URL (example: www.google.com or whatever)

    2. If the file is being requested by a POST request and not direct access.

    Well, we are using an SMS gateway and here is how it works.

    PHP Code:
    http://www.mywebsite.com/incomingsms.php?xml=<?xml version="1.0"
    encoding="UTF-8" ?><TRUMPIA> <phonenumber>1234567890</phonenumber>
    <keyword>keyword</keyword> <contents>contents</contents> </TRUMPIA>

    My question is, how can we make sure the URL is triggered from the Trumpia SMS server? If any spammer/hacker knows the URL then he can simply inject the values and make a URL launch.

    Thanks.
    Let me know?

  2. #2

    I'm not sure I fully understand your question. You need to make a very clear list of conditions either to allow or to block. You just need one of those.

    Based on that, you can just output nothing (or an error or whatever you want) if it doesn't match.

    $_SERVER will hold what you need.
    http://www.php.net/manual/en/reserve...les.server.php

    There are a lot of them, and they vary by server.

    'REMOTE_ADDR' will identify the requester's IP address and this is 100% reliable (unless there is a proxy and then you will have the proxy's IP instead).

    'HTTP_REFERER' [spelled like that] is NOT reliable as it is not required and can be faked, but it will give you the location from which it was requested, like where the user clicked a link. This isn't great for blocking/banning people, though, because you can't be sure it's right. Most of the time it will be so it's a good way to guess, but if this is a required feature of your website then it's not a great idea.

    'HTTP_USER_AGENT' is also not reliable for the same reasons and it may not be sent in some cases. But it's a way to guess about what the user is using for a browser/OS/etc.

    'REQUEST_METHOD' appears to be reliable and this will tell you the method used. This can identify post, for example.


    Anyway, let's say you want to block an IP address. Here's an example. The same logic applies for another condition, just change what's in the if:
    PHP Code:
    // Stop the script for requests coming from the blocked address.
    if ($_SERVER['REMOTE_ADDR'] == '1.2.3.4') {
        exit('You are not allowed to access this page');
    }


  3. The Following User Says Thank You to djr33 For This Useful Post:

    chetanmadaan (05-31-2010)
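
Added example, not part of the original thread: the two conditions from the question combined with the `$_SERVER` keys from the reply, turned into an allowlist check for `incomingsms.php`. The address ranges are placeholders, and it assumes the gateway delivers its callback as a POST from published IPv4 addresses.

```php
<?php
// Added example, not code from the thread.
// Placeholder ranges (documentation addresses); replace with the
// source addresses your SMS provider publishes for its callbacks.
const ALLOWED_SENDERS = ['192.0.2.10', '198.51.100.0/24'];

/** True if IPv4 address $ip is inside $cidr ("a.b.c.d" or "a.b.c.d/n"). */
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false
        || !ctype_digit($bits) || (int) $bits > 32) {
        return false; // malformed or IPv6 input never matches
    }
    $bits = (int) $bits;
    $mask = $bits === 0 ? 0 : (~0 << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

/** Returns 200 if the request may proceed, else the HTTP status to send. */
function check_callback(array $server): int
{
    // Condition 2 from the question: POST only, no direct GET access.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 405;
    }
    // Condition 1: the caller's address, not the spoofable HTTP_REFERER.
    // Behind a reverse proxy REMOTE_ADDR is the proxy's address, so this
    // check has to run where the real peer address is visible.
    $ip = $server['REMOTE_ADDR'] ?? '';
    foreach (ALLOWED_SENDERS as $range) {
        if (ip_in_cidr($ip, $range)) {
            return 200;
        }
    }
    return 403;
}

// At the top of incomingsms.php, before the XML is read:
if (PHP_SAPI !== 'cli') {
    $status = check_callback($_SERVER);
    if ($status !== 200) {
        http_response_code($status);
        exit;
    }
}
```

The allowlist denies by default, so an unknown or unparsable address gets a 403 instead of falling through to the XML handling.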

  4. #3

    All I can say is thank you so very much. I think that's it. Anyone else?
