ricardolobo

Reputation: 77

Only allow a certain domain to access my php files

I am trying to prevent a PHP file from being accessed directly through a browser or anything else, unless it's coming from an authorised domain.

I used the php header Access-Control-Allow-Origin like this:

header('Access-Control-Allow-Origin: http://www.example.com');

But it still doesn't block direct access.

UPDATE:

I tried the .htaccess method:

order deny,allow
deny from all
allow from <your ip> 

and this one too:

<RequireAll>
    Require ip <your ip> 
</RequireAll>

I also tried using both with domain names.

With this I managed to block direct access, but I also blocked my app from accessing it too.

I get:

No 'Access-Control-Allow-Origin' header is present on the requested resource.

and I added:

header('Access-Control-Allow-Origin: myappdomain.com');

Still not working.

Upvotes: 2

Views: 7970

Answers (1)

Antony

Reputation: 1273

How about using $_SERVER['HTTP_REFERER']?
Sample code:

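// The Referer header is a full URL (and may be absent), so compare only its host.
$refererHost = parse_url($_SERVER['HTTP_REFERER'] ?? '', PHP_URL_HOST);
if ($refererHost !== 'gooddomain.com') {
    die('Unauthorized access');
}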

Although this can be manipulated or altered quite easily, unless you control both the sending and the receiving server there isn't much more you can do.

Upvotes: 1
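
A server-side version of the check discussed in this thread, as an added example that is not part of the original question or answer: it compares the Origin header (falling back to Referer) against an exact allow-list and sends Access-Control-Allow-Origin only on a match. The names ALLOWED_ORIGINS and requestOrigin() and the listed origins are assumptions; both headers are supplied by the client, so this filters browsers rather than authenticating callers.

```php
<?php
// Added example (not from the original thread). ALLOWED_ORIGINS and
// requestOrigin() are hypothetical names; the origins are placeholders.
const ALLOWED_ORIGINS = ['https://myappdomain.com', 'https://www.myappdomain.com'];

/** Return scheme://host[:port] claimed by the client, or null if absent. */
function requestOrigin(array $server): ?string
{
    // Browsers send Origin on cross-origin XHR/fetch; fall back to Referer.
    $raw = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $parts = parse_url($raw);
    if (!is_array($parts) || empty($parts['scheme']) || empty($parts['host'])) {
        return null; // header missing or malformed (e.g. direct navigation)
    }
    $origin = strtolower($parts['scheme'] . '://' . $parts['host']);
    return isset($parts['port']) ? $origin . ':' . $parts['port'] : $origin;
}

$origin = requestOrigin($_SERVER);

// Exact, strict match: substring or suffix checks would accept look-alike hosts.
if ($origin === null || !in_array($origin, ALLOWED_ORIGINS, true)) {
    http_response_code(403);
    exit('Unauthorized access');
}

// Echo back the single matched origin, scheme included. A bare host name
// such as "myappdomain.com" is not a valid value for this header.
header('Access-Control-Allow-Origin: ' . $origin);
header('Vary: Origin'); // keep caches from reusing the response for another origin

// Answer the CORS preflight without running the real handler.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'OPTIONS') {
    header('Access-Control-Allow-Methods: GET, POST');
    header('Access-Control-Allow-Headers: Content-Type');
    http_response_code(204);
    exit;
}

echo json_encode(['status' => 'ok']);
```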
