So I am working on an API, and I want to check which domain name is requesting information from the API.
So, the client has a cURL script, and this script sends a POST request to the server. The server needs to know the domain name of this request.
But I don't know how to check which domain name sent a POST request?
Any ideas?
You can use $_SERVER['REMOTE_HOST']
from the docs:
'REMOTE_HOST'
The Host name from which the user is viewing the current page. The reverse dns lookup is based off the REMOTE_ADDR of the user.
Note: Your web server must be configured to create this variable. For example in Apache you'll need HostnameLookups On inside httpd.conf for it to exist. See also gethostbyaddr().
Related
The backend server URL is https://www.example.com/order/?id=
I am writing the front end to pass order id to this server and display the information I got back.
Server www.example.com requires client certificate authentication.
If I use a browser to open this URL https://www.example.com/order/?id=123456
I can select my certificate and then get the information I want.
Is there any way I can do this:
Initial page asks the user to select the client certificate they want to use in the browser and input an order number --> Pass the client certificate and order number to 'https://www.example.com/order/?id=' to get a result
I've tried using file_get_contents() and cURLs but could not find a way to pass in the client certificate.
---------Update-----------
I've updated my Apache virtualHost file and I can have the client certificate information stored in the environment now.
$_SERVER['SSL_CLIENT_M_SERIAL']
$_SERVER['SSL_CLIENT_S_DN']
$_SERVER['SSL_CLIENT_V_END']
What should I do to pass this certificate information to the backend server to get through the authentication?
I log my webapp, capturing PHP $_SERVER information for security purposes.
Some records show an HTTP_HOST value of localhost, but REMOTE_ADDR is an external IP.
I have tested access from an external IP, but it shows the correct HTTP_HOST, which is my webapp domain or the server's public IP address (if I use the IP address).
Is this common? If yes, how do you get the HTTP_HOST value to be localhost from an external IP?
And if not, does someone (possibly) have access to my server, or is someone trying (and succeeding) to inject my webapp?
I think I got an answer, as in the PHP manual:
All elements of the $_SERVER array whose keys begin with 'HTTP_' come from HTTP request headers and are not to be trusted
and can be changed with this method:
curl -H "Host: notyourdomain.com" http://yoursite.com/
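The check that follows from this, as an added example that is not part of the original posts: compare the client-supplied Host header with the host names the application actually serves and record anything else as suspicious. The allow-list entries, function names and sample records are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Host names this application really serves (assumed values for the example).
const ALLOWED_HOSTS = ['yoursite.com', 'www.yoursite.com'];

/**
 * Normalise a raw Host header: lower-case it, drop an optional port and a
 * trailing dot. Returns null when the value is not a plausible host name.
 * IPv6 literals are treated as malformed here to keep the example short.
 */
function normalise_host(?string $raw): ?string
{
    if ($raw === null || trim($raw) === '') {
        return null;
    }
    $host = strtolower(trim($raw));
    $host = preg_replace('/:\d{1,5}\z/', '', $host) ?? $host;  // strip ":8080"
    $host = rtrim($host, '.');
    // Letters, digits, dots and hyphens only; anything else is rejected.
    return preg_match('/\A[a-z0-9.-]{1,253}\z/', $host) === 1 ? $host : null;
}

/** Classify one request record (an array shaped like $_SERVER) for logging. */
function classify_request(array $server): string
{
    $remote = $server['REMOTE_ADDR'] ?? 'unknown';
    $host = normalise_host($server['HTTP_HOST'] ?? null);
    if ($host === null) {
        return "reject: missing or malformed Host from $remote";
    }
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        return "reject: unexpected Host '$host' from $remote";
    }
    return "accept: Host '$host' from $remote";
}

// Constructed sample records; the addresses are documentation ranges.
$samples = [
    ['HTTP_HOST' => 'yoursite.com',      'REMOTE_ADDR' => '203.0.113.10'],
    ['HTTP_HOST' => 'WWW.yoursite.com:80', 'REMOTE_ADDR' => '203.0.113.10'],
    ['HTTP_HOST' => 'localhost',         'REMOTE_ADDR' => '198.51.100.7'],
    ['HTTP_HOST' => 'notyourdomain.com', 'REMOTE_ADDR' => '198.51.100.7'],
    ['HTTP_HOST' => 'not a host/',       'REMOTE_ADDR' => '198.51.100.7'],
    ['REMOTE_ADDR' => '198.51.100.7'],   // no Host header at all
];

foreach ($samples as $record) {
    echo classify_request($record), PHP_EOL;
}
```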
I have a remote login script that the user hosts (runs) on his server. During registration, the user needs to specify a domain he will log in from. When the user runs the script on his domain and logs in to my server for the 1st time, I log his IP using:
$ip_address = $_SERVER['REMOTE_ADDR'];
When the user logs in a 2nd time, I check if his IP address is still the same (using the same function above). Then I check if he still uses the same domain using:
$domain = $_SERVER['HTTP_REFERER'];
Finally, besides other security checks, I also check if specified domain really points to IP address using:
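$domain_ips_array = gethostbynamel($domain);
// gethostbynamel() returns false when the name cannot be resolved
if ($domain_ips_array !== false && in_array($ip_address, $domain_ips_array, true)) {
    echo "Wonderful, domain really points to this IP";
}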
But there's a problem when domain points to a dedicated IP. For example, if server's IP (where script is actually hosted) is 1.1.1.1 (this IP is also returned by $_SERVER['REMOTE_ADDR']), but domain is configured to use a dedicated IP 1.1.1.2, gethostbynamel function will only return 1.1.1.2, and check will fail (even if domain is actually hosted on server with IP address 1.1.1.1).
How do I solve this issue? Put simply, I need to be sure that user always runs the script on the same IP/domain, and if any of these is changed, alert is displayed.
I think you'll have better luck refactoring a little bit of the script you send to the user.
For example when a first login comes along, you can see the IP from the requested server.
Do your magic and return the IP to your script. Then store it somewhere and always send it after that.
This way you will always have the first IP. And then check with the $_SERVER variable. Domains can be changed and I think it's not that reliable.
Put more simply, you need to have it stored somewhere.
-EDIT
You can use the function gethostbyaddr.
This will return you the domain of the IP. So you can store the domain from the first request as well and then check it with every other.
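A forward-confirmed reverse DNS check built from the two functions discussed above, gethostbyaddr() and gethostbynamel(), as an added example that is not part of the original posts. A PTR name is set by whoever controls the IP address, so it is accepted only when the name resolves back to the same address. The function name, the injectable resolver parameters and the DNS data are assumptions made so the logic runs offline.

```php
<?php
declare(strict_types=1);

/**
 * Forward-confirmed reverse DNS: accept the PTR name for $ip only if that
 * name resolves back to $ip. The resolvers are injectable for offline runs;
 * by default PHP's own gethostbyaddr()/gethostbynamel() are used.
 * Returns the confirmed host name, or null when nothing can be confirmed.
 */
function confirmed_hostname(string $ip, ?callable $reverse = null, ?callable $forward = null): ?string
{
    $reverse ??= 'gethostbyaddr';
    $forward ??= 'gethostbynamel';

    // gethostbynamel() only returns IPv4 addresses, so only IPv4 is handled.
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return null;
    }
    $name = $reverse($ip);
    // gethostbyaddr() returns the unmodified IP on failure, false on bad input.
    if ($name === false || $name === $ip) {
        return null;
    }
    $addresses = $forward($name);   // false when the name does not resolve
    if ($addresses === false || !in_array($ip, $addresses, true)) {
        return null;                // PTR name is not backed by a matching A record
    }
    return strtolower(rtrim($name, '.'));
}

// Constructed DNS data (documentation address ranges), standing in for real lookups.
$ptr = [
    '203.0.113.10' => 'client.example.com',  // PTR and A record agree
    '198.51.100.7' => 'www.example.com',     // PTR claims a name it does not own
];
$a = [
    'client.example.com' => ['203.0.113.10'],
    'www.example.com'    => ['203.0.113.80'],
];
$reverse = fn(string $ip) => $ptr[$ip] ?? $ip;       // mimics gethostbyaddr()
$forward = fn(string $name) => $a[$name] ?? false;   // mimics gethostbynamel()

foreach (['203.0.113.10', '198.51.100.7', '192.0.2.55', 'not-an-ip'] as $ip) {
    $host = confirmed_hostname($ip, $reverse, $forward);
    echo $ip, ' => ', $host ?? '(unconfirmed)', PHP_EOL;
}
```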
I am calling the file below in the following 2 ways:
1. CURL request
2. Ajax request in web site
http://test.com/test.php
In these scenarios, how do I find out whether the file request comes from a CURL or an Ajax request, without argument segregation?
Please suggest.
You can compare the request IP address. The Ajax call request IP address will be the client's IP address, while in the CURL case it will be the server (or where the library is located) IP address.
You can check the user-agent header. If it starts with curl, it indicates that the request was from a curl client.
Use the code $_SERVER['HTTP_USER_AGENT']; to get the user agent.
I am getting the client's (website user's) IP address. Now I'd like to go one step further by knowing the user's computer name. So far, my research has not turned up anything to aid me in retrieving this information.
Is it possible to use the user's IP address, or some other means, to get my visitor's computer name using PHP?
PHP 5.4+
gethostbyaddr($_SERVER['REMOTE_ADDR'])
You can perform a reverse DNS lookup using gethostbyaddr().
Note that this will give you the name of the host the request came from according to reverse DNS.
It will not give you a result if reverse DNS isn't set up
It will not give you the Windows name of the computer
It will give you the name of the router if NAT is involved or proxy if a proxy is involved.
Not possible with plain php running on the server. It'd be a security/privacy issue to know details of the client such as computer name, mac address, contents of his drive.
You need some sort of application running on the client's machine in order to get this.
If you're referring to the hostname (displayed for instance by the hostname command on linux) of the computer doing the request:
That information is not included in an HTTP request. (That is, it's impossible for PHP to figure out.)
You could do a reverse DNS lookup, but that's probably not what you want anyway.
This is all that you could get using just PHP (you may try these, but I don't think this is what you actually needed):
gethostname()
gethostbyname(gethostname())
$_SERVER['HTTP_HOST']
$_SERVER['SERVER_SIGNATURE']
$_SERVER['SERVER_NAME']
$_SERVER['SERVER_ADDR']
$_SERVER['SERVER_PORT']
$_SERVER['REMOTE_ADDR']
gethostbyaddr($_SERVER['REMOTE_ADDR'])
php_uname()
The only thing you could do is try to get a DNS name for the client. "Computer Name" is a Windows made-up thing. Just call the built-in function gethostbyaddr() with the client's IP address. However, it won't always (hardly ever) work.
You can do this by
$_SERVER['REMOTE_HOST']
'REMOTE_HOST' - The Host name from which the user is viewing the current page. The reverse dns lookup is based off the REMOTE_ADDR of the user.
Note: Your web server must be configured to create this variable. For example in Apache you'll need HostnameLookups On inside httpd.conf for it to exist. As David mentioned you can also use gethostbyaddr().
Pls go thru all the comments in the url before actually using the function.
Do something like this:
<?php
//get host by name
echo gethostname();
echo "<br>";
//get OS
echo php_uname();
?>