Reply to Re: Limit access to just one IP


Posted by Jerry Stuckle on 06/16/07 20:53

Roman wrote:
> Jerry Stuckle wrote:
>> Nosferatum wrote:
>>> Hi, on my Apache server I want to limit access to a certain file output
>>> (from php/MySQL) to just one IP. The idea is that users from another
>>> site should click a link which redirects them to my special page on my
>>> server. Only those who access my page from one particular URL are
>>> allowed to see my file. All others are denied.
>>> Is it possible to solve this with a .htaccess file, or do I need a php
>>> solution?
>>>
>> You can't do it at all. HTTP_REFERER can be faked or may not be sent,
>> for instance.
>
> How important is it for anyone to go to the trouble to fake it? If OP is
> trying to protect a million bucks, hackers will go to great extent to
> fake it. If he is simply showing or not showing his email address,
> spammers are not going to bother hacking his site to get one more ;)
>

It's not hard at all to fake it. Additionally, some firewalls can strip
HTTP_REFERER.

>> You could theoretically do something like have a parameter you pass with the
>> request; it would change once a minute and would only be good for 90
>> seconds or so. But you'd have to keep the two systems in sync.
>>
>> Or you could generate a list of parameters and make each one good only
>> once. But you'll have to maintain potentially long lists, and the more
>> items in the list the better chance of having someone find it. But if
>> the parameter string is long enough, it won't happen.
>>
>> A couple of ideas, anyway.
>>
>
> Or generate a random but verifiable code that will be sent as a script
> parameter in the URL. If he embeds a rolling code with little tolerance,
> the link will expire.
>
> Or have a forwarding website contact the receiving website via
> webservice informing it about the incoming visitor.
>
>
> Or combine these two methods and generate random expirable code that
> will be first communicated to receiving website and then passed as
> session ID inside the URI.

Yes, other good possibilities.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
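
One way to implement the expiring, single-use link parameter discussed in this thread, as an added example that is not code from any of the posters. It assumes PHP 7 or later, a secret shared by both sites, and roughly synchronized clocks; `SHARED_SECRET`, the function names and the `e`/`n`/`s` parameter names are hypothetical, and the in-memory array stands in for a database table of used nonces.

```php
<?php
// Added example. SHARED_SECRET is a placeholder known only to the two sites.
const SHARED_SECRET  = 'replace-with-a-long-random-secret';
const TOKEN_LIFETIME = 90; // seconds, the window suggested in the thread

// Referring site: build the query string appended to the outgoing link.
function make_link_params(int $now): string
{
    $expires = $now + TOKEN_LIFETIME;
    $nonce   = bin2hex(random_bytes(16)); // unguessable, unique per link
    $sig     = hash_hmac('sha256', $expires . '.' . $nonce, SHARED_SECRET);
    return http_build_query(['e' => $expires, 'n' => $nonce, 's' => $sig]);
}

// Receiving site: accept only an untampered, unexpired, not-yet-used token.
function verify_link_params(array $q, int $now, array &$usedNonces): bool
{
    foreach (['e', 'n', 's'] as $key) {
        if (!isset($q[$key]) || !is_string($q[$key])) {
            return false; // missing field or array-valued parameter
        }
    }
    if (!ctype_digit($q['e']) || !ctype_xdigit($q['n'])) {
        return false; // malformed expiry or nonce
    }
    $expected = hash_hmac('sha256', $q['e'] . '.' . $q['n'], SHARED_SECRET);
    if (!hash_equals($expected, $q['s'])) {
        return false; // signature mismatch (constant-time comparison)
    }
    if ((int) $q['e'] < $now) {
        return false; // link has expired
    }
    if (isset($usedNonces[$q['n']])) {
        return false; // replay of a link that was already used
    }
    // Assumption: real code stores this in a database and purges expired rows.
    $usedNonces[$q['n']] = (int) $q['e'];
    return true;
}

// Constructed demo: a fresh link, a replay, a tampered expiry, a late arrival.
$used = [];
$now  = time();
parse_str(make_link_params($now), $q);
var_dump(verify_link_params($q, $now, $used));                        // fresh link
var_dump(verify_link_params($q, $now, $used));                        // same link again
var_dump(verify_link_params(['e' => (string) ($now + 9999)] + $q, $now, $used)); // edited expiry
parse_str(make_link_params($now), $late);
var_dump(verify_link_params($late, $now + TOKEN_LIFETIME + 1, $used)); // arrives too late
```

Because the expiry is carried inside the signed token, the list of used nonces only has to be kept for the token lifetime, which addresses the long-list concern raised in the post.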
