I have to receive GETs with important information, and it can only be via GET and I can not see POST. I was wondering if there is any way to get the GETs from another server, only if that server had a certain IP.
How can I do this?
I have to receive GETs with important information, and it can only be via GET and I can not see POST. I was wondering if there is any way to get the GETs from another server, only if that server had a certain IP.
How can I do this?
Use the global variable $_SERVER['REMOTE_ADDR']
It will inform the IP of where the page is being requested. Remember that if you use CloudFlare or some other similar mechanism, it may change the contents of $_SERVER['REMOTE_ADDR']
.
In the case of CloudFlare, this happens in the free plan and the original IP that made the request is placed in another variable called $_SERVER['HTTP_CF_CONNECTING_IP']
Then the final code would look something like this (judging from your needs):
<?php
$requestIP = (isset($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : null;
if ($requestIP !== null && $requestIP === '127.0.0.1') {
//seu código aqui
}
Also remember to change the IP 127.0.0.1 present in the condition by the IP that will be allowed.
It is possible, yes, PHP allows checking the IP of the machine that made the request, however if this is a "security" system, do not do this because the user can simulate an IP using a proxy and thus back to the system.
Never trust information sent by the client, they can be manipulated.
All relevant IP information can be found in the $ _SERVER array. The simplest way to get the IP address of your visitors is with the following code:
$ip = $_SERVER['REMOTE_ADDR'];
This solution is not entirely accurate, because if the user is in a connection using a proxy server, the IP you will get will be the proxy server and not the actual IP address of the user.
More accurate results can be obtained. Proxy servers carry a property that stores the original IP in the HTTP header. The name of this field is X-Forwarded-For
or Client-Ip
. If one of these fields is present in the HTTP header, then you can read its values through the array $_SERVER
:
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
//Verifica se o IP é permitido
if($ip==xxx.xxx.xxx.xxx) {
//verifica se os dados foram enviados via GET
if(isset($_GET["XPTO"])) {
echo 'O IP é correto e os dados foram enviados via GET!';
}
}
However, the values of X_Forwarded_For
and Client_Ip
are not 100% reliable because you can manipulate these values. Because of this we can not only use IP verification for security applications and solutions.