How to check if perl cgi request comes from localhost

Question

How to check if perl cgi request comes from localhost

I would like to open a service written in Perl for localhost HTTP requests. I do not want to change the configuration of Apache. How to check if a Perl CGI HTTP request is generated from localhost?

I want this check to succeed even if this call is made through a virtual host, for example. https://www.myserivce.com/hidden/service.pl , given that the call is made from within www.myserivce.com.

+4

http perl cgi

agsamek Sep 28 '11 at 10:45

source share

3 answers

REMOTE_ADDR , but this is a dumb way to do this because you put the authentication logic in the application.

Instead, it binds the stand-alone web server to the local interface only , so the network IP / network stack of the operating system ensures that no request from outside can reach the server.

+10

daxim Sep 28 '11 at 11:16

source share

I think that if you put an entry with myservice.com and ip 127.0.0.1 in the /etc/hosts , then all requests from localhost to your site will have REMOTE_ADDR set to 127.0.0.1.

I am afraid that this is the only way to do this if you are not making 127.0.0.1/hidden/service.pl requests instead of myservice.com/hidden/service.pl

+1

Tudor constantin Oct 9 '11 at 8:05

source share

agsamek · Accepted Answer · 2011-10-11T12:27:43+0000

I used the following code:

my $server_addr = inet_ntoa(scalar gethostbyname(hostname() || 'localhost')); my $call_addr = $query->remote_addr(); die unless $call_addr eq "127.0.0.1" || $call_addr eq $server_addr;

I don't think it covers all cases, but it seems to work with my setup. If someone knows a general solution, post it here.

How to check if perl cgi request comes from localhost

More articles: