I am calling below file in below 2 ways:-
1. CURL request
2. Ajax request in web site
http://test.com/test.php
In that scenarios , How to find out the file request comes from CURL / Ajax request without argument segregation.
Please suggest.
You can compare the request IP address. The Ajax call request IP address will be the client's IP address, while on the CURL case it will be the server(or where the library is located) IP address.
You can check the user-agent header. If starts with curl, indicates that the request was from a curl client.
Use the code $_SERVER['HTTP_USER_AGENT']; to get the user agent.
Related
The backedn server URL is https://www.example.com/order/?id=
I am writing the front end to pass order id to this server and display the information I got back.
Server www.example.com requires client certificate authentication.
If I use browser to this URL https://www.example.com/order/?id=123456
I can select my certificate and then get the information I want.
Is there any way I can do this:
Initial page asks the user to select client certificate they wan to use on browser and input order number --> Pass the client certificate andorder number to 'https://www.example.com/order/?id=' to get an result
I've tried using file_get_contents() and cURLs but could not find a way to pass in the client certificate.
---------Update-----------
I've update my Apache virtualHost file and I can have the client certificate information store on the environment now.
$_SERVER['SSL_CLIENT_M_SERIAL']
$_SERVER['SSL_CLIENT_S_DN']
$_SERVER['SSL_CLIENT_V_END']
What I should do to pass these certificate information to the backend server to get through the authentication?
I am developing an Oauth 2 authentication server and I have a problem with endpoint redirection.
Here is what the RFC says that I try to follow scrupulously:
3.1.2.1. Endpoint Request Confidentiality
The redirection endpoint SHOULD require the use of TLS as described
in Section 1.6 when the requested response type is "code" or "token",
or when the redirection request will result in the transmission of
sensitive credentials over an open network.
https://www.rfc-editor.org/rfc/rfc6749#section-3.1.2.1
Here is my question:
I know if the current request uses HTTPS with the $_SERVER ['HTTPS'] superglobal, but how do I determine if the url I'm going to redirect is using TLS
?
header("Location: $redirectUri");
Do I only rely on the protocol (https: // at the beginning of the URL)? On headers returned by a CURL request made before redirection (check the presence of the Strict-Transport-Security header) ? If not how should I do it?
PS: Normally it is not necessary but in case. Here is the complete code:
https://github.com/alexandre-le-borgne/oauth-server/blob/master/src/OAuth2/Endpoints/AuthorizationEndpoint.php#L185
My conclusion is that it is enough to check the presence of the https at the beginning of the URL.
So I am working on a API, and I want to check which domainname is requesting information from the API.
So, the client has a cURL script, this script sends a POST request to the server. The server needs to know the domainname of this request.
But I don't know how to check which domainname sended a POST request?
Any idea's?
You can use $_SERVER['REMOTE_HOST']
from the docs:
'REMOTE_HOST'
The Host name from which the user is viewing the current page. The reverse dns lookup is based off the REMOTE_ADDR of the user.
Note: Your web server must be configured to create this variable. For example in Apache you'll need HostnameLookups On inside httpd.conf for it to exist. See also gethostbyaddr().
I am trying to upload a file using an (jquery) AJAX request but it fails and the response sent is
Request Rejected
The requested URL was rejected. Please consult with your administrator.
Your support ID is: xxxxxxxxxxxxxxx and provide steps to replicate the issue
I've tried to visit the URL using browser and that works fine.
Is there anything related with the AJAX request or is it entirely a server side issue? How can I solve this?
Your message is being generated by a Big IP ASM
When an Illegal HTTP status violation occurs, the BIG-IP ASM sends an HTTP blocking response page that includes the OWS Server header.
So the problem is not on your side, it's on the web server side.
When origin in request header is null, server doesn't allow request. read about CORS at http://en.wikipedia.org/wiki/Cross-origin_resource_sharing Cross Domain request can be allowed from php server as
header("Access-Control-Allow-Origin:*");
and enable all methods for request.
header("Access-Control-Allow-Methods: POST, GET, OPTIONS");
I am trying to send a GET Http Request to my computer that runs an Apache server.
When I send the request from XCODE to X.X.X.X\my_script.php using sendSynchronousRequest I get a response - Unsupported URL.
However, if I try to connect to this address using my browser it works fine.
Any suggestions? does it not support an address which contains IP?
Change slash in your request: X.X.X.X/my_script.php