How to only receive GETs from a given IP

2

I have to receive GETs with important information, and it can only be via GET; I cannot see POST. I was wondering if there is any way to get the GETs from another server only if that server has a certain IP.

How can I do this?

    
asked by anonymous 21.03.2016 / 11:49

2 answers

7

Use the global variable $_SERVER['REMOTE_ADDR'].

It gives the IP from which the page is being requested. Remember that if you use CloudFlare or some other similar mechanism, it may change the contents of $_SERVER['REMOTE_ADDR'].

In the case of CloudFlare, this happens in the free plan, and the original IP that made the request is placed in another variable called $_SERVER['HTTP_CF_CONNECTING_IP'].

Then the final code would look something like this (judging from your needs):

<?php

$requestIP = (isset($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : null;

if ($requestIP !== null && $requestIP === '127.0.0.1') {
    // your code here
}

Also remember to replace the IP 127.0.0.1 in the condition with the IP that will be allowed.

    
21.03.2016 / 12:05
5

It is possible, yes. PHP allows checking the IP of the machine that made the request; however, if this is a "security" system, do not do this, because the user can simulate an IP using a proxy and thus get back into the system.

Never trust information sent by the client; it can be manipulated.

All relevant IP information can be found in the $_SERVER array. The simplest way to get the IP address of your visitors is with the following code:

$ip = $_SERVER['REMOTE_ADDR'];

This solution is not entirely accurate, because if the user is on a connection using a proxy server, the IP you will get will be that of the proxy server and not the actual IP address of the user.

More accurate results can be obtained. Proxy servers carry a property that stores the original IP in the HTTP header. The name of this field is X-Forwarded-For or Client-Ip. If one of these fields is present in the HTTP header, then you can read its values through the array $_SERVER:

if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
    $ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
    $ip = $_SERVER['REMOTE_ADDR'];
}

// Check whether the IP is allowed (replace the placeholder with the allowed IP)
if ($ip === 'xxx.xxx.xxx.xxx') {
    // Check whether the data was sent via GET
    if(isset($_GET["XPTO"])) {
        echo 'O IP é correto e os dados foram enviados via GET!';
    }
}

However, the values of X_Forwarded_For and Client_Ip are not 100% reliable, because these values can be manipulated. Because of this, we cannot use IP verification alone for security applications and solutions.

    
21.03.2016 / 12:19
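
An added example, not part of either answer above: it accepts a request only when the sender is on an allowlist, and it reads X-Forwarded-For only when REMOTE_ADDR is a reverse proxy you operate, so a header sent by an arbitrary client is ignored. The function names and all addresses (documentation ranges) are assumptions.

```php
<?php
// Added example: all addresses below are constructed documentation values.
const ALLOWED_SENDERS = ['203.0.113.10'];   // server allowed to send the GET
const TRUSTED_PROXIES = ['198.51.100.7'];   // your own reverse proxy, if any

// Canonical binary form of an IP, or null if the string is not a valid IP.
function packIp(string $ip): ?string
{
    $ip = trim($ip);
    return filter_var($ip, FILTER_VALIDATE_IP) === false ? null : inet_pton($ip);
}

function inList(?string $packed, array $list): bool
{
    return $packed !== null && in_array($packed, array_map('inet_pton', $list), true);
}

// Resolve the client IP: REMOTE_ADDR is the TCP peer; forwarded headers are
// only read when that peer is one of our trusted proxies.
function clientIp(array $server): ?string
{
    $peer = packIp($server['REMOTE_ADDR'] ?? '');
    if (!inList($peer, TRUSTED_PROXIES)) {
        return $peer;                       // direct connection: ignore headers
    }
    // Walk X-Forwarded-For right to left; the first hop that is not a
    // trusted proxy is the address our proxy actually saw.
    $hops = array_reverse(explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach ($hops as $hop) {
        $packed = packIp($hop);
        if ($packed === null) {
            return null;                    // missing or malformed header: fail closed
        }
        if (!inList($packed, TRUSTED_PROXIES)) {
            return $packed;
        }
    }
    return $peer;
}

function isAllowed(array $server): bool
{
    return inList(clientIp($server), ALLOWED_SENDERS);
}

// Constructed requests: a forged header from an unknown peer, then the allowed sender via our proxy.
var_dump(isAllowed(['REMOTE_ADDR' => '192.0.2.50', 'HTTP_X_FORWARDED_FOR' => '203.0.113.10']));
var_dump(isAllowed(['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 203.0.113.10']));
```

With no proxy in front of the application, leave TRUSTED_PROXIES empty so that only REMOTE_ADDR is ever compared.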