Solved

Server variables for protection

Posted on 2016-10-29
Last Modified: 2016-10-29
How can I be sure whether my HTML form was posted from the server I trust or from an outside spammer?

I want to let one of my friends post data from a server I can trust to my page; however, I want to block the rest from posting data, or redirect the page if the form is not coming from the trusted server.

How can I do that?
Question by:Braveheartli

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 41865114
There is a hierarchy of protections you can apply.  First, let me start by saying that nothing in any HTTP request can be completely trusted.  If the request does not expose important business information or change the data on your server, you do not need to know the origin of the request - it might just be Google setting up links to your site.

So let's assume that you're willing to do a little work to secure a page and make it trustworthy.  Here are some things that may be helpful.

You can password-protect the page using PHP client authentication.  This will let you control who can see the page or post information.

If you just want to be sure that the request came from a human being, you can use CAPTCHA techniques.  There are many such techniques; some are even invisible, but the invisible ones are difficult to prove effective.

If you want to be sure that the request came from a web page in your web site, you might use a form token (the article shows how to check the referrer* variables, too).

If you want to be sure the request came from a specific server, you can test the IP address.  Look in $_SERVER["REMOTE_ADDR"] and compare this to your trusted friend's authorized IP address.

If you know what browser your trusted friend is using, you can look in $_SERVER["HTTP_USER_AGENT"].  If this value changes, you can re-authenticate by asking for a password.

Any of these techniques can be useful, and most sites would use a combination of them.

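* You can check to see that the request and the referrer contain a match on the URL with something along these lines (a same-origin check):
// Quote the host for use inside the '#' delimiters, and tolerate a missing Referer header.
$regex = '#' . preg_quote($_SERVER['HTTP_HOST'], '#') . '#i';
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if (!preg_match($regex, $referer)) return FALSE;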

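The checks listed in the accepted answer (IP address, referrer and form token) combined into one gate, as an added example that is not part of the original thread. The function names, the `form_token` field, the accept policy and the placeholder address are assumptions made for illustration.

```php
<?php
// Added example; 203.0.113.10 (RFC 5737) is a placeholder for the friend's server.
const TRUSTED_IPS = ['203.0.113.10'];

// REMOTE_ADDR is the TCP peer address; behind a reverse proxy it is the proxy's.
function from_trusted_ip(array $server): bool
{
    return in_array($server['REMOTE_ADDR'] ?? '', TRUSTED_IPS, true);
}

// Compare the host component of the Referer with this site's host,
// instead of searching the whole referrer URL for the host name.
function referer_matches_host(array $server): bool
{
    $host = parse_url('//' . ($server['HTTP_HOST'] ?? ''), PHP_URL_HOST);
    $ref  = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    return is_string($host) && is_string($ref)
        && strcasecmp($host, $ref) === 0;
}

// Form token: stored in the session when the form is rendered and
// echoed back in a hidden field; compared in constant time.
function token_valid(array $session, array $post): bool
{
    $expected = $session['form_token'] ?? '';
    $given    = $post['form_token'] ?? '';
    return is_string($expected) && $expected !== ''
        && is_string($given) && hash_equals($expected, $given);
}

// Assumed policy: accept the friend's server, or our own form with a token.
function accept_post(array $server, array $session, array $post): bool
{
    return from_trusted_ip($server)
        || (referer_matches_host($server) && token_valid($session, $post));
}

// Constructed requests (not captured traffic) to exercise the checks.
$t    = bin2hex(random_bytes(16));
$site = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_HOST' => 'www.example.com'];
$cases = [
    'friend server' => [['REMOTE_ADDR' => '203.0.113.10'], [], []],
    'own form'      => [$site + ['HTTP_REFERER' => 'https://www.example.com/form.php'], ['form_token' => $t], ['form_token' => $t]],
    'no token'      => [$site + ['HTTP_REFERER' => 'https://www.example.com/form.php'], ['form_token' => $t], []],
    'other referer' => [$site + ['HTTP_REFERER' => 'https://other.example.net/?www.example.com'], ['form_token' => $t], ['form_token' => $t]],
];
foreach ($cases as $name => [$server, $session, $post]) {
    echo str_pad($name, 15), accept_post($server, $session, $post) ? "accept\n" : "reject\n";
}
```

In a real page the three arrays would be `$_SERVER`, `$_SESSION` and `$_POST`, with the token generated and stored in the session when the form is rendered.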

Author Closing Comment

by:Braveheartli
ID: 41865116
Wonderful, thank you

Expert Comment

by:Dave Baldwin
ID: 41865297
This simple program lists all of the server variables that are available on your server.  It changes from server to server so you can't count on all of them being there on all servers.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>PHP Server Variables</title>
</head>
<body><h1>PHP Server Variables</h1>
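<?php
// Diagnostic page: it discloses server details, so do not leave it on a public site.
// Values such as HTTP_USER_AGENT are client-controlled, so escape them before output.
foreach ($_SERVER as $key => $value) {
    // Some entries (for example argv) are arrays; render them as text first.
    $shown = is_array($value) ? print_r($value, true) : (string) $value;
    echo "<b>" . htmlspecialchars($key) . " :</b> " . htmlspecialchars($shown) . "<br />\n";
}

// Show any posted form fields, escaped as well.
echo "<pre>" . htmlspecialchars(print_r($_POST, true)) . "</pre>";
?>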
</body>
</html>


Author Comment

by:Braveheartli
ID: 41865355
Thank you Dave

Author Comment

by:Braveheartli
ID: 41865356
Thank you

Expert Comment

by:Dave Baldwin
ID: 41865388
You're welcome.