Block curl access to my server?

Question

Block curl access to my server?

Navigation

#1 by (3 votes)

0

Is it possible to block curl access to my server? Example I have a VIP site with a user generated security key and prevent anyone from logging on the system via curl? I tried with captcha and still can log in via key with Curl

php curl

asked by anonymous 20.01.2017 / 16:00

1 answer

a bug in the range () function? How to fill in a C #

score 3 · Accepted Answer

If you have access to the htaccess file, add this line to it:

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "www.seudominio.com"
</IfModule>

If not, you will have to manually add this to your PHP files

header('Access-Control-Allow-Origin: www.seudominio.com');

Access Control Allow Origin will cause your site to only accept requests from the specified domains, if you set the value with * it will accept requests from any site. Take the test there to see if it works.

If the above example does not work you can check a request through a hash, eg

When you open the login screen you create a Session with a hash.

On the page that receives and validates the login data you verify the this Session.

I do not know how safe this method would be, but if it is only to avoid scripting requests I believe it will work since the user will not be validated if the post is done via cUrl for the PHP page.

You can also take a look at functions like CURLOPT_HTTPHEADER take a look at this question: link