470,616 Members | 2,048 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

home > topics > php > questions > accessed based off of ip...

Post your question to a community of 470,616 developers. It's quick & easy.

Accessed based off of IP...

All,
There are certain scripts that I have that only I want to run, both from
home and sometimes work. If I add something like this (below) to the
scripts, will this keep out unauthorized use (if the scripts are found
somehow), or can the REMOTE_ADDR be easily spoofed ?

Should I be checking HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR also ?

$ip = $_SERVER["REMOTE_ADDR"];
if (($ip == "x.x.x.x") or ($ip == "y.y.y.y"))
{
//secret stuff
}
else
{
echo "<META HTTP-EQUIV=\"refresh\" content=\"0; url=/index.php\">";
die();
}

or something like this:

function getipaddress()
{
$ip;
if (getenv("HTTP_CLIENT_IP")) $ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR")) $ip =
getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR")) $ip = getenv("REMOTE_ADDR");
else $ip = "UNKNOWN";
return $ip;
}

$ip = getipaddress();
if(($ip == "x.x.x.x") or ($ip == "y.y.y.y"))
{
//secret stuff
} else {
echo "<META HTTP-EQUIV=\"refresh\" content=\"0; url=/index.php\">";
die();
}

Thanks.
Jul 17 '05 #1
3 3872
"StinkFinger" <st****@pinky.com> wrote in message
news:10*************@corp.supernews.com...
All,
There are certain scripts that I have that only I want to run, both from
home and sometimes work. If I add something like this (below) to the
scripts, will this keep out unauthorized use (if the scripts are found
somehow), or can the REMOTE_ADDR be easily spoofed ?


You can send TCP/IP packets with fake return addresses fairly easily. But to
take advantage of it in an attack against a web server is hard, I believe,
as the HTTP response would get routed to the real address.
Jul 17 '05 #2
Chung Leong wrote:
"StinkFinger" <st****@pinky.com> wrote in message
news:10*************@corp.supernews.com...
All,
There are certain scripts that I have that only I want to run, both from
home and sometimes work. If I add something like this (below) to the
scripts, will this keep out unauthorized use (if the scripts are found
somehow), or can the REMOTE_ADDR be easily spoofed ?

You can send TCP/IP packets with fake return addresses fairly easily. But to
take advantage of it in an attack against a web server is hard, I believe,
as the HTTP response would get routed to the real address.


Just kinda thinking out loud... by why not limit access to the directory
your scripts are in with .htaccess or IIS's authentication? That'd
probably be a bit more secure than relying upon the REMOTE_ADDR.

Regards,

- Dan
http://blog.dantripp.com
Jul 17 '05 #3
Dan Tripp wrote:
There are certain scripts that I have that only I want to run, both from
home and sometimes work. If I add something like this (below) to the
scripts, will this keep out unauthorized use (if the scripts are found
somehow), or can the REMOTE_ADDR be easily spoofed ?

You can send TCP/IP packets with fake return addresses fairly easily. But
to take advantage of it in an attack against a web server is hard, I
believe, as the HTTP response would get routed to the real address.


Just kinda thinking out loud... by why not limit access to the directory
your scripts are in with .htaccess or IIS's authentication? That'd
probably be a bit more secure than relying upon the REMOTE_ADDR.


Not an answer to your solution, but a suggestion that instead of writing out
a meta tag refresh you might want to do this instead:

header("Location: /index.php");
exit;

Chris

--
Chris Hope
The Electric Toolbox Ltd
http://www.electrictoolbox.com/
Jul 17 '05 #4

This discussion thread is closed

Start new discussion

Replies have been disabled for this discussion.

Similar topics
Collection sorted on last accessed object
11 posts views Thread by Vani Murarka | last post: by
Is ASP.NET App Being Accessed Internally/Externally
3 posts views Thread by =?Utf-8?B?TWlrZQ==?= | last post: by
Checking if file being accessed
9 posts views Thread by tshad | last post: by
BYTES.COM © 2022
About Us
Advertise
Terms Of Use
Privacy Policy
Manage Cookies
Contact Us
Sitemap

Follow us! Get the Latest Bytes Updates
By using this site, you agree to our Privacy Policy and Terms of Use.