Block curl access to my server?

0

Is it possible to block curl access to my server? Example I have a VIP site with a user generated security key and prevent anyone from logging on the system via curl? I tried with captcha and still can log in via key with Curl

    
asked by anonymous 20.01.2017 / 16:00

1 answer

3

If you have access to the htaccess file, add this line to it:

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "www.seudominio.com"
</IfModule>

If not, you will have to manually add this to your PHP files

header('Access-Control-Allow-Origin: www.seudominio.com'); 

Access Control Allow Origin will cause your site to only accept requests from the specified domains, if you set the value with * it will accept requests from any site. Take the test there to see if it works.

If the above example does not work you can check a request through a hash, eg

  • When you open the login screen you create a Session with a hash.
  • On the page that receives and validates the login data you verify the this Session.
  • I do not know how safe this method would be, but if it is only to avoid scripting requests I believe it will work since the user will not be validated if the post is done via cUrl for the PHP page.

    You can also take a look at functions like CURLOPT_HTTPHEADER take a look at this question: link

        
    20.01.2017 / 16:17