At least it was funny to see how people post such big crap on the internet. When it does, you cite the source.
This code blocks your internal access, not anyone else's access. You are localhost, not the external user. No external user communicates with you as localhost; if that were so, everyone would be localhost and there would be no differentiation between the users accessing.
Forget it: you have no control over what others do on their computers. Any attempt to protect yourself from something external will cause more confusion. The only safety you can give is to correctly validate everything that comes from outside. This depends on each case, but you cannot validate intent, just the data received.
There is no effective way to prevent the user from sending data in whatever way they want; what is effective is to ensure that all aspects of the data received are in accordance with what you want.
You cannot know where the information comes from; it is always disguised. Even the IP can be faked if whoever does this does not want to receive a response from your server.
I recommend you remove the "security" you use today. It is better because it tries to validate the information. But it is creating a problem that you do not see. You are blocking some legitimate access. When writing software it is more important to test what does not work. Testing is difficult because you do not always know everything that needs to be tested. To make an analogy, in this case you are trying to find out if the person's name is spelled correctly. It is impossible to know; it is a problem of the person and not their knowing what is correct.
It strikes me that even here everyone, including me, presents simplified, naive solutions without extensive testing, which the people who wrote them, if they are aware, would probably not use without a deeper analysis, but whoever reads them goes off and uses them as if the solution were perfect.
Programming is difficult and there are many variants that need to be analyzed; without understanding the whole foundation, problems, especially security ones, will occur in droves.
Today there are campaigns to introduce new programmers into the industry. They have two objectives: 1) to create consumers for programming tools, no matter what results happen, also because wrong programming makes the industry move too; 2) to find quality in quantity; after all, there is hope that all new programmers will try to understand the fundamentals and all the aspects needed.
So question everything you read on the internet, even what you read here. Here we have people validating the answers, but it is common for people to have a low critical sense, and this validation does not always occur as it should. People have a tendency to want to please more than to do the right thing, and everyone gets hurt by it. We can call this professional populism. They want to create an appearance of being helpful.
This is still the place where you are most likely to get a more consistent answer and to develop, but I still recommend studying protocols, using a packet analyzer to see how data travels, and trying to forge the data in every way. This cannot be done for you. Whenever you find a problem and do not know how to solve it, you should look for reliable and verifiable (plural) sources.
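An added illustration of the point made in this answer (not code from the original post or its author): a source-address gate compared with validation of the received data, run over two constructed requests. The form fields, limits and addresses are assumptions made for the example.

```python
import re

# Hypothetical form schema (an assumption; the original post shows no fields).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,253}\.[A-Za-z]{2,}")
ALLOWED_PLANS = {"free", "basic", "pro"}


def origin_gate(remote_addr):
    """The kind of check the answer criticises: trust by source address."""
    return remote_addr in ("127.0.0.1", "::1")


def validate_signup(fields):
    """Validate the received data itself; return a list of errors (empty = OK)."""
    errors = []
    email = fields.get("email")
    if not isinstance(email, str) or not EMAIL_RE.fullmatch(email):
        errors.append("email: malformed")
    if fields.get("plan") not in ALLOWED_PLANS:
        errors.append("plan: not in allow-list")
    seats = fields.get("seats")
    # Form values arrive as strings; accept only plain ASCII digits in range.
    if not (isinstance(seats, str) and seats.isascii() and seats.isdigit()
            and 1 <= int(seats) <= 500):
        errors.append("seats: must be an integer from 1 to 500")
    unexpected = set(fields) - {"email", "plan", "seats"}
    if unexpected:
        errors.append("unexpected fields: " + ", ".join(sorted(unexpected)))
    return errors

# Constructed requests: (source address as seen by the server, posted fields).
REQUESTS = {
    "legit_external": ("203.0.113.7",
                       {"email": "ana@example.org", "plan": "pro", "seats": "3"}),
    "bad_from_localhost": ("127.0.0.1",
                           {"email": "ana@example.org", "plan": "root",
                            "seats": "-1", "is_admin": "1"}),
}

def compare():
    """Return {name: (origin_gate_allows, validation_errors)} for each request."""
    return {name: (origin_gate(addr), validate_signup(fields))
            for name, (addr, fields) in REQUESTS.items()}


if __name__ == "__main__":
    for name, (allowed, errors) in compare().items():
        print(name, "| origin gate allows:", allowed, "| data errors:", errors)
```

The address gate turns away the legitimate external user and lets the malformed local request through, while the data validation gives the right answer in both cases regardless of where the request came from.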