How to allow PHP upload from only one domain?

Question

In the HTML form I wrote user can upload a file that is sent out on submission using ajax. The script is located on exampledomain.com/upload.php.

I want to avoid a situation that somebody is going to make his own form with action pointing to upload.php and start spamming my server with unauthorized files.

Everybody can fill out my HTML form so login/password protection for upload is not an option for me. Is there any efficient way of making sure that upload.php is going to be triggered only from the HTML form on my website?

One way of dealing with that problem would be using sessions, but I'm not sure how well it works with ajax. Any suggestions?

Answer 1

Although Cross Site Request Forgery is normally classed as an attack on already-authenticated users' accounts via another site, the techniques used to combat it will work for you to some degree, even though, as you say, your users aren't authenticated as such.

Specifically, generating a nonce (one-time unique value) with every form, as described in Jeff Atwood's article here will help by preventing other sites from simply POSTing data to your servers -- if you validate that the nonce value sent with the POST request is one that you've recently generated, it must at least have come from someone who's "visited" your site somehow.

However, that won't prevent spammers from attacking your site by scraping the nonce values from your site, i.e. pretending to be your users and using your actual forms. For that, you probably want to look into various techniques like CAPTCHAs, blacklists, and other validations.

Personally, I think if you're not going to use authenticated users (by which I mean at least requiring a CAPTCHA plus an email address validation for a user to register, then requiring them to authenticate before uploading) then I'd say you'd pretty much have to use a good CAPTCHA system, probably combined with regular checking for unusual activity, and sampling of the uploads to combat the inevitable spam and attacks. There's a reason most popular web services require these checks, sadly.

(Incidentally, sessions work fine with Ajax -- just make sure to use the same session-handling code in the page that responds to the Ajax request. But without an authenticated user, the sessions won't buy you anything in the way of security, as far as I can see. A spambot can cope perfectly well with sessions.)

Answer 2

I want to avoid a situation that somebody is going to make his own form with action pointing to upload.php and start spamming my server with unauthorized files.

That's impossible.

How to allow PHP upload from only one domain?

To let you know, files being uploaded not from "domain" but merely from the user's PC.

As long as you have unrestricted registration on your site, anyone could spam. You have to choose another protection against this imaginary threat.