Using the simple php curl function for Facebook user-account control, I pull out the site and do the detection according to the incoming data.
But because I have multiple queries, Facebook blocks and php codes are disabled. How can I show each browser function as if it was entered from a different computer by modifying the browser ip-user agent (if there is a proxy) before running it?
Thank you.
Your trying to ask that your ip is blocked to get data through API so that you are trying to fetch data from different ip[proxy]. If this is your concern then try to find why your ip has blocked and get whitelist your ip from FB!!!!!
First, access canhazip.com or jsonip.com from the server to make sure it has the public IP you think.
Second, make sure that IP address is in "Server IP Whitelist" for the app's Settings > Advanced section in the Developer console (https://developers.facebook.com/apps/[APP ID]/settings/advanced/).
Related
I need to use the Google Places API through PHP in a Wordpress site hosted on Flywheel.
It seems the option I need to use is the IP addresses (web servers, cron jobs, etc.).
My problem is that flywheel has a dynamic IP address system and after a couple of days the API stops working since the IP has changed.
I' trying to see if I can authenticate the site using something else but I have not been able to find it.
I've looked at googleapis/google-api-php-client but the Places API is not part of the APIs the package can connect.
Do you know how If there is any other way to whitelist a site for a web server with a dynamic IP?
It's not necessary to use the API key restriction. You don't need to restrict it by an IP address. It's an optional feature per key.
I'll try to give you at least an option/suggestion because I'm not sure how you intent to use the Google Place API but you can basically create 2 separate keys:
One public API key for browser based calls (show map, suggestions, etc..). In this case I would use HTTP referrer for as restriction and add your websites where this key is running.
One private API key for server based calls (server2server, queue, cronjobs, etc..). Since you have a floating IP you would need to know the full range. In this case I would not "additionally" restrict it by the IP address and only use the secret.
Another suggestions in case your really really want to restrict this additionally:
Ask flywheel if they can give you a dedicated IP address. A quick google lookup showed some forums which indicate that they support it. Attention: I'm sure they will charge you for this additional money.
Move your cronjobs, queues, ... away from flywheel and host it somewhere, where you have control of the IP address. (e.g. AWS EC3 t3.nano with an elastic ip address - costs you ~$5/month)
Hope this helps and gives you some impressions about your options. Let me know if this answers your question or if you need and further information.
I want to extract some data from an HTML page.
I tried it with php, but I got an issue because this page is only available if you are connected to a specific network: unfortunately, my client is connected to that network, but not my server, so php requests fail.
My question is: if I try to scrape the page with javascript instead of php, will my request seem to come from my client network?
No it won't, unless you execute it in a browser which is already on your clients network! What you should checkout perhaps is a proxy or a VPN. Route your servers traffic through your clients network, this way it will appear to be coming from there IP address.
I'm migrating our system to the Google App Engine.
When our PDF generator needs a external resource (for example a picture) it does an internal HTTP request (where the request IP is different from the user IP). It then also starts an different session, so I cannot see if the user is logged.
In order to give the right permissions, I need to check if the request comes from a server IP.
In the previous code I checked this trough the following code:
if($_SERVER['REMOTE_ADDR'] == $_SERVER['SERVER_ADDR']) {
return true;
}
But since $_SERVER['SERVER_ADDR'] is not available, this cannot be used.
In the new code I check this trough the following code:
$allowed_ips = array(
'127.0.0.1',
'8.35.201.100'
);
if(in_array($_SERVER['REMOTE_ADDR'], $allowed_ips)) { return true; }
The problem is; I do not know which IP addresses Google App Engine uses to do a internal request.
I have found the IP address 8.35.201.100 as a server address, but are there more IP addresses or maybe ranges.
The Task Queues Google App Engine issues requests from the IP address 0.1.0.2 (https://developers.google.com/appengine/docs/php/taskqueue/overview-push#Task_Execution). Is this the same at the internal request.
Greets, Hendrik
I don't think AppEngine discloses IP addresses. AppEngine is a dynamic environment with instances spinning up and spinning down, there would be requests from different IPs as things change.
When you make HTTP requests from AppEngine, it does set a few header fields to mark that the request was from AppEngine. I think the AppId is included. Anyway here is the documentation on that.
https://developers.google.com/appengine/docs/php/urlfetch/#Request_Headers
From a security standpoint, anyone can just write fake HTTP headers. So I wouldn't rely on that as a means of authentication.
When user enter my site they receive a dialogue box proposing to install my wonderful app. When the user presses the accept button, the play market page with my app pops up.
This dialog box appears only if user browses from phone.
However, this dialog will popup even if user has my app already. Thus, I am interested in a way to inform site about presence/absence of an app on the phone. If app already installed on a phone, dialog should not appear.
phone w/o app -> browse site -> get dialoge box
phone with app -> browse site -> normal browsing
Simple and useless solution which comes in mind:
If link is opened from my app, it is extended with some action to identify that app is installed.
It is useless, because app is all-sufficient, so opening site will not give any benefit.
A bit more advanced idea was proposed by msh: Give user an option which app will open a link. If link is opened with my app as above.
Is there a better way to do this ?
Yes, Mobile Browsers (on their own) cannot communicate the application installed status to web. But still if you are desperate to implement this behavior, I have got a "WILD" solution for you.
This Solution is divided in two parts: Client Side (Android Device) / Server Side (Web)
Client Side (on Android Device):
In your application you'll need to implement a BroadcastReciever that will be continuously listening to the Network State changes. Whenever a broadcast is received for new network connection available (e.g. when the user turns on the Mobile Data), your app should read the acquired IP address and communicate it to your web-server (using HttpURLConnection).
Communicating the IP address will inform your web-server that the device browsing your website from this IP address has got your application installed.
Server Side (on Web Server):
Your web-server will keep a track of all the IP addresses reported by all the devices on which your application is installed(off-course in a database). To avoid redundant entries you can decide a expiry/validation time for each IP address record received.
Now when your server receives a web request, it will match the IP of the requesting client with all the IP's that were saved in its database. If it finds a matching IP, it means that the web request has come from a device on which your application is already installed. Otherwise you can direct the user to your app's play store link.
Limitation of proposed Solution: This solution will work with 100% accuracy only in the case when the user is using Mobile Data (2g / 3g / etc) to connect to internet. Since using Mobile Data, everytime the device will be issued a unique IP address by the service provider.
This wont work perfectly for wi-fi connections. While browsing using a wi-fi, all the devices that are connected to same wi-fi spot are allocated the same IP address. So there may be a situation where two mobile phones are using internet from same wi-fi spot, out of which one phone has your application installed and the other phone does not. This will confuse the server.
** This solution may not be highly recommended, but could be used with some minor fixes if you don't get any other solutions ;)
It is not possible of course, browser doesn't leak phone configuration and installed apps to random websites (I hope, or somebody has to fix it ASAP)
You can probably make your app react to the VIEW Intent with certain URL then redirect to that URL on your site, but that will make Android ask the user whether they want to open this URL with your app or the browser, so it is not transparent
You could have two seperate urls like: www.yousite.com and www.app.yoursite.com. This way at least the users are free of the popup from the app.
today I came a across a pretty strange behaviour of an php based application of mine.
In a certain part of the system there's an UI making use of AJAX-calls to fill list
boxes with content from the backend.
Now, the AJAX listener performs a security check on all incoming requests, making sure
that only valid client IPs get responses. The valid IP are stored in the backend too.
To get the client's IP I used plain old
$_SERVER['REMOTE_ADDR']
which works out for most of the clients. Today I ran into an installation where
remote_addr contained the IP of an network adapter which was'nt that one which performed
the actual communication for my application.
Googling around agve me Roshan's Blog entry on the topuic:
function getRealIpAddr()
{
if (!empty($_SERVER['HTTP_CLIENT_IP'])) //check ip from share internet
{
$ip=$_SERVER['HTTP_CLIENT_IP'];
}
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))//check ip is pass from prxy
{
$ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip=$_SERVER['REMOTE_ADDR'];
}
return $ip;
}
Sadly the problem persists.
Did anybody ever stumble into this sort of problem (actually I don't think that I discovered a completly new issue ^^) and has an idea for me how to fix this?
EDIT:
I'm on
PHP Version 5.2.9-1
Apache/2.2.9 (Win32)
The communication is done via a regular LAN card. Now the actuall client has several
devices more. VMNet adapters and such.
I'm wondering how a client configuration can 'disturb' a web server that much...
TIA
K
Unfortunately, you have to take all IP information with a grain of salt.
IP addresses are gathered during the request by taking the packet and request information into account. Sadly, this information can easily be spoofed or even be incorrect (based on a large number of network probabilities) and should not be used for anything more than vanity purposes.