
How to check if a request is coming from the same server or a different server?

Tags:

php

How can I check whether a request being received is sent from the same server?

Say I have my domain at www.domain.com. Now I have PHP processing files which will process forms hosted through this domain. These processes will be executed only if the requests are sent from within the domain, i.e. www.domain.com, and any other requests sent from other domains will be discarded.

ptamzz asked Mar 23 '11 19:03



1 Answer

Basically: you cannot.
With the HTTP protocol, each request is independent from the others.


A first idea would be to check the Referer HTTP header, but note that:

  • It can be faked (it's sent by the browser)
  • It is not always present.

So: not a reliable solution.


A possible, and far better than the Referer idea, solution could be to use a nonce:

  • When displaying the form, put a hidden input field in it, containing a random value
  • At the same time, store that random value into the session that corresponds to the user.
  • When the form is submitted, check that the hidden field has the same value as the one that's stored in session.

If those two values are not the same, refuse to use the submitted data.

Note: this idea is often used to help fight against CSRF -- and integrated in the "Form" component of some Frameworks (Zend Framework, for instance).

Pascal MARTIN answered Sep 22 '22 11:09
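The nonce steps from the answer above, as an added example that is not part of the original answer. The function names, the `form_nonce` session key and the `contact` form id are hypothetical, and a plain array stands in for `$_SESSION` and `$_POST` so the script runs from the PHP CLI.

```php
<?php
declare(strict_types=1);

// Hypothetical helper names; $session stands in for $_SESSION so the
// script also runs from the CLI without a web server.

/** Create a random per-form token, store it in the session, return it. */
function issue_form_nonce(array &$session, string $formId): string
{
    $nonce = bin2hex(random_bytes(32));          // 256 bits from the OS CSPRNG
    $session['form_nonce'][$formId] = $nonce;
    return $nonce;
}

/** Check the submitted token against the session copy; single use. */
function verify_form_nonce(array &$session, string $formId, $submitted): bool
{
    $expected = $session['form_nonce'][$formId] ?? null;
    unset($session['form_nonce'][$formId]);      // consume: a replay must fail
    if (!is_string($expected) || !is_string($submitted)) {
        return false;                            // missing, or array-valued input
    }
    return hash_equals($expected, $submitted);   // constant-time comparison
}

/** Render the hidden input that carries the token in the form. */
function nonce_field(string $nonce): string
{
    return '<input type="hidden" name="nonce" value="'
        . htmlspecialchars($nonce, ENT_QUOTES, 'UTF-8') . '">';
}

// --- Constructed demo: one session, three submissions ---
$session = [];                                   // real page: session_start(), then $_SESSION
$nonce = issue_form_nonce($session, 'contact');
echo nonce_field($nonce), PHP_EOL;

$cases = [
    'genuine submission' => ['nonce' => $nonce],
    'replayed token'     => ['nonce' => $nonce],
    'missing token'      => [],
];
foreach ($cases as $label => $post) {            // $post stands in for $_POST
    $ok = verify_form_nonce($session, 'contact', $post['nonce'] ?? null);
    echo $label, ': ', $ok ? 'accepted' : 'refused', PHP_EOL;
}
```

The check ties a submission to a form this site rendered for that session; it does not identify which machine sent the request. Consuming the token on every attempt means a user who reloads a failed submission needs a freshly rendered form.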