how to block posted data except coming from specific remote ADDR
I had this question after viewing blocking the posted data from outside of my domains.
I now know how to block posted data from outside of a specific domain (not recommended). However,
how can I block the posted data if it is not coming from my IP address 216.58.201.68 etc. (from my other server)?
I already know my servers' IP addresses. I only want to allow data posting between my servers.
How can I do that?
Yes, you can do this. Check $_SERVER['REMOTE_ADDR'] for the IP address you want to allow.
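An added example (not part of the original thread) of the REMOTE_ADDR check suggested above, applied to POST requests only. Apart from 216.58.201.68, which is quoted in the question, the allowlist entries and function names are assumptions, and the check is generalized from a single address to CIDR ranges and IPv6.

```php
<?php
// Constructed allowlist: 216.58.201.68 is the address quoted in the question;
// the CIDR block and IPv6 address are documentation-range placeholders.
const ALLOWED_SENDERS = ['216.58.201.68', '203.0.113.0/28', '2001:db8::10'];

/** True if $ip equals $entry or lies inside it when $entry is a CIDR block. */
function ip_matches(string $ip, string $entry): bool
{
    $parts = explode('/', $entry, 2);
    $addr = @inet_pton($ip);
    $net = @inet_pton($parts[0]);
    // Reject unparsable input and IPv4/IPv6 family mismatches.
    if ($addr === false || $net === false || strlen($addr) !== strlen($net)) {
        return false;
    }
    $maxBits = strlen($addr) * 8;
    // A malformed prefix length must fail closed, not be read as /0.
    if (isset($parts[1]) && (!ctype_digit($parts[1]) || (int) $parts[1] > $maxBits)) {
        return false;
    }
    $bits = isset($parts[1]) ? (int) $parts[1] : $maxBits;
    $fullBytes = intdiv($bits, 8);
    if (substr($addr, 0, $fullBytes) !== substr($net, 0, $fullBytes)) {
        return false;
    }
    $rest = $bits % 8;
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF; // high $rest bits of the next byte
    return (ord($addr[$fullBytes]) & $mask) === (ord($net[$fullBytes]) & $mask);
}

function sender_allowed(string $ip, array $allowlist): bool
{
    foreach ($allowlist as $entry) {
        if (ip_matches($ip, $entry)) {
            return true;
        }
    }
    return false;
}

// Restrict POST requests only; ordinary page views (GET) pass through.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && !sender_allowed($_SERVER['REMOTE_ADDR'] ?? '', ALLOWED_SENDERS)) {
    http_response_code(403);
    exit('Forbidden');
}
```

Behind a reverse proxy or load balancer, REMOTE_ADDR holds the proxy's address rather than the original sender's, so the allowlist has to be evaluated at the layer that sees the real peer.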
ASKER
Dear Ray Paseur,
I can do that, but I think it checks the visitor's IP address.
I need to check the IP address of whoever posts to my web page?
The "visitor" is the client machine. I'm pretty sure you want to check the IP address in REMOTE_ADDR. I'll make up a demonstration for you in a moment.
You can find this information and much more about PHP by running this little script, shown here in its entirety.
<?php phpinfo();
ASKER
Thank you so much, I'm looking forward to seeing the demonstration. Thank you.
ASKER CERTIFIED SOLUTION
ASKER
Thank you so much, Ray Paseur, I'm trying it now. Thank you.
ASKER
Dear Ray,
You are the best ever... Thank you so much...
Thanks! :-)
ASKER
Dear Ray Paseur,
My user connects to a payment site. After a successful payment process, the payment page redirects the user to my page and posts some data to my page to show that the payment is successful.
The payment site posts some variables like the ORDER_REFERENCE number etc…
For security reasons I need to understand that the data is coming from the payment site. I know the IP address and I know the domain name of the payment web site which posts me the variables like the ORDER_REFERENCE number etc…
The page is not only posted to by the form but also visited by the user, so when I call REMOTE_ADDR, it brings the visitor’s IP address, not that of the server that posts the form.
When I use the above code, it gets my IP address, not that of the server that posts the form data.
What do you suggest I should do?
This is really a separate question, and might best be addressed separately. Please be sure to tell us the name of the payment site and post a link to their online documentation.
The general design for a "handshake" like this is to post the payment data right back to the payment site. The payment site will then confirm or deny that they were the source of the payment information.
ASKER
Thank you, Ray Paseur,
Handshake is the answer that I'm looking for.
Thank you.