Is it possible to block curl access to my server? Example I have a VIP site with a user generated security key and prevent anyone from logging on the system via curl? I tried with captcha and still can log in via key with Curl
Is it possible to block curl access to my server? Example I have a VIP site with a user generated security key and prevent anyone from logging on the system via curl? I tried with captcha and still can log in via key with Curl
If you have access to the htaccess file, add this line to it:
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "www.seudominio.com"
</IfModule>
If not, you will have to manually add this to your PHP files
header('Access-Control-Allow-Origin: www.seudominio.com');
Access Control Allow Origin
will cause your site to only accept requests from the specified domains, if you set the value with *
it will accept requests from any site. Take the test there to see if it works.
If the above example does not work you can check a request through a hash, eg
I do not know how safe this method would be, but if it is only to avoid scripting requests I believe it will work since the user will not be validated if the post is done via cUrl for the PHP page.
You can also take a look at functions like CURLOPT_HTTPHEADER
take a look at this question: link