473,241 Members | 1,573 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,241 software developers and data experts.

Accessed based off of IP...

All,
There are certain scripts that I have that only I want to run, both from
home and sometimes work. If I add something like this (below) to the
scripts, will this keep out unauthorized use (if the scripts are found
somehow), or can the REMOTE_ADDR be easily spoofed ?

Should I be checking HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR also ?

$ip = $_SERVER["REMOTE_ADDR"];
if (($ip == "x.x.x.x") or ($ip == "y.y.y.y"))
{
//secret stuff
}
else
{
echo "<META HTTP-EQUIV=\"refresh\" content=\"0; url=/index.php\">";
die();
}

or something like this:

function getipaddress()
{
$ip;
if (getenv("HTTP_CLIENT_IP")) $ip = getenv("HTTP_CLIENT_IP");
else if (getenv("HTTP_X_FORWARDED_FOR")) $ip =
getenv("HTTP_X_FORWARDED_FOR");
else if (getenv("REMOTE_ADDR")) $ip = getenv("REMOTE_ADDR");
else $ip = "UNKNOWN";
return $ip;
}

$ip = getipaddress();
if(($ip == "x.x.x.x") or ($ip == "y.y.y.y"))
{
//secret stuff
} else {
echo "<META HTTP-EQUIV=\"refresh\" content=\"0; url=/index.php\">";
die();
}

Thanks.
Jul 17 '05 #1
3 3976
"StinkFinger" <st****@pinky.com> wrote in message
news:10*************@corp.supernews.com...
All,
There are certain scripts that I have that only I want to run, both from
home and sometimes work. If I add something like this (below) to the
scripts, will this keep out unauthorized use (if the scripts are found
somehow), or can the REMOTE_ADDR be easily spoofed ?


You can send TCP/IP packets with fake return addresses fairly easily. But to
take advantage of it in an attack against a web server is hard, I believe,
as the HTTP response would get routed to the real address.
Jul 17 '05 #2
Chung Leong wrote:
"StinkFinger" <st****@pinky.com> wrote in message
news:10*************@corp.supernews.com...
All,
There are certain scripts that I have that only I want to run, both from
home and sometimes work. If I add something like this (below) to the
scripts, will this keep out unauthorized use (if the scripts are found
somehow), or can the REMOTE_ADDR be easily spoofed ?

You can send TCP/IP packets with fake return addresses fairly easily. But to
take advantage of it in an attack against a web server is hard, I believe,
as the HTTP response would get routed to the real address.


Just kinda thinking out loud... by why not limit access to the directory
your scripts are in with .htaccess or IIS's authentication? That'd
probably be a bit more secure than relying upon the REMOTE_ADDR.

Regards,

- Dan
http://blog.dantripp.com
Jul 17 '05 #3
Dan Tripp wrote:
There are certain scripts that I have that only I want to run, both from
home and sometimes work. If I add something like this (below) to the
scripts, will this keep out unauthorized use (if the scripts are found
somehow), or can the REMOTE_ADDR be easily spoofed ?

You can send TCP/IP packets with fake return addresses fairly easily. But
to take advantage of it in an attack against a web server is hard, I
believe, as the HTTP response would get routed to the real address.


Just kinda thinking out loud... by why not limit access to the directory
your scripts are in with .htaccess or IIS's authentication? That'd
probably be a bit more secure than relying upon the REMOTE_ADDR.


Not an answer to your solution, but a suggestion that instead of writing out
a meta tag refresh you might want to do this instead:

header("Location: /index.php");
exit;

Chris

--
Chris Hope
The Electric Toolbox Ltd
http://www.electrictoolbox.com/
Jul 17 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: Laphan | last post by:
Hi All I've been looking at having my Javascript file as an ASP one to try and stop general prying eyes, eg: <SCRIPT LANGUAGE="javascript" SRC="js-something.asp"> </SCRIPT> and this seems...
3
by: wotan | last post by:
We have an application that accesses a particular table, but it is never updated. Without stepping through the complex application code, is there a method of logging when a particular table is...
5
by: Daniel | last post by:
Does anyone know how this can be done? Thanks
11
by: Vani Murarka | last post by:
Hi Everyone, Does .NET offer any collection class which will give me objects last *accessed* such that I may build a least-recently-used cache that kills off objects that haven't been used for...
1
by: Caveman | last post by:
I wonder if anyone has any hard fact based pro or contra, especially on performance, about having views as opposed to tables when the object is being accessed for read only by multiple...
0
by: Markus Enders | last post by:
Hi everybody, we are using version 7 of db2 and need to replicate a database. We are using two web-based systems, which access two different databases. One system is used for import data...
3
by: Bangalore | last post by:
Hi, In the following program, eventhogh two member function declared under private section of the derived class are accessable by derived class pointer. Please clarify me how can derived class...
6
by: Simon Harvey | last post by:
Hi everyone, We have a need to make a Windows Forms (2.0) client application that will be installed on our clients site. The data that the application uses needs to be centrally available to a...
3
by: =?Utf-8?B?TWlrZQ==?= | last post by:
Hi. In VB.NET, is it possible to determine whether an ASP.NET is being accessed internally (within the same domain hosting the application) or externally (across the internet)? I've looked at...
9
by: tshad | last post by:
I am trying to get access to a file that may still being written because the file is so large (7-10MB). I get an error: The process cannot access the file 'c:\TestDocs\XMLFiles\492172.XML'...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: fareedcanada | last post by:
Hello I am trying to split number on their count. suppose i have 121314151617 (12cnt) then number should be split like 12,13,14,15,16,17 and if 11314151617 (11cnt) then should be split like...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
0
Git
by: egorbl4 | last post by:
Скачал я git, хотел начать настройку, а там вылезло вот это Что это? Что мне с этим делать? ...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...
0
by: MeoLessi9 | last post by:
I have VirtualBox installed on Windows 11 and now I would like to install Kali on a virtual machine. However, on the official website, I see two options: "Installer images" and "Virtual machines"....
0
by: ryjfgjl | last post by:
ExcelToDatabase: batch import excel into database automatically...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.