[Resolved] IP referer authentification....

thedream

Hi there !

Here is my big problem:
I need to make an IP authentification to display a secured page.
I explain myself:

The server "security" send to my server to the browser client an adress page on my website.
I want to be sure that this page can be displayed only if it is coming from this server "security".

The trick is that server "security" have an IP from 128.128.128.1 to 128.128.128.100 (for exemple).

How can I do that for this referer included in that range of IP?

Marc-André
😕

Weedpacket

Use [man]ip2long[/man] and see if the result is in that range (-2139062271 to -2139062172 inclusive). Or use the string functions to see if the bit before the last '.' is "128.128.128" and the bit after is a number in the range 1 to 100 inclusive.

thedream

could you show me by code?

Marc

Weedpacket

Which bit are you having trouble with?

thedream

if i Do:

$ip=$HTTP_REFERER;
echo $ip;

I get a result like : http://www.ambilao.com/tom/main_tom.html

Ho do I transform this adress directly in 123.123.123.123 form?
Or How can I have the referer under the form 123.123.123.123????

The egreg function is not solution I think?!?.
and ip2long is not working with a long adress.

Help!

Marc-André
🙁

Weedpacket

[man]parse_url[/man]? [man]gethostbyname[/man]? But remember of course that $_SERVER['HTTP_REFERER'] can never really be trusted.

thedream

Thank you,

But it was not what I was waiting for...
I have found another way to do it...

MArc

ksandom

how did you do it in the end?

thedream

I made it on the.htaccess file who is the best security, I think...

Here is how:

Suppose you have your folder "invoice" on www.yoursite.com

Suppose your Security payment system is https://sssl.security.com
(look at the "s" from https)

To be sure that nobody can't open the folder "invoice" and play with your php files or .jpg or .html files, make a .htaccess inside the "invoice" folder as follow:

SetEnvIfNoCase Referer "^{https://ssl.security.com/"} local_ref=1

    <FilesMatch "\.(html|php)">
        Order Allow,Deny
        Allow from env=local_ref
    </FilesMatch>

And you get it. Only Mister Mitnick and his friends could crack it !!!

Marc-André
webmaster of http://www.ambilao.com/
😉