Is there anyway for POST data to come from a specific host?

Question

Is there anyway for POST data to come from a specific host?

I have a PHP script where it is very important that the POST data comes from a knowledge source. Judging by the "similar names", there is no real way to do this, since the headers can be faked. Is it possible to fake SERVER_ADDR? Could this be used as some kind of check when data is being sent from?

+5

php

maxum Jul 9 '11 at 10:50

source share

2 answers

if($_SERVER['REMOTE_ADDR'] != '127.0.0.10') {
    die('Not allowed!);
}
// rest of script...

$ _ SERVER ['REMOTE_ADDR'] is not from the headers provided by the client (it is supplied by apache and exits the network stack) and cannot be faked.

0

radio4fan Jul 9 '11 at 15:17

source share

Szocske · Accepted Answer · 2011-07-09T11:07:47+0000

Ignoring PHP, relying on the IP address that appears to come from the request is a pretty weak form of security. You should consider using HTTPS with separate client certificates passed to each trusted source.

SSL may seem complicated at first, but what you need here is not at all difficult, and you will gain a valuable skill by learning it.

Is there anyway for POST data to come from a specific host?

More articles: