Handling Illegal Access in PHP: A Detailed Introduction

Source: Internet
Author: User

Objective

Entering a URL in the browser to locate a resource is the basis of how the Internet works, but for the security of a site, blocking illegal access is essential. Today, let's summarize some common ways to block illegal access.

Session method

Most sites have this feature, and a very important module built on it is "authentication"; of course, it does not compare with OAuth and other professional authentication schemes. Here it is just a simple check of the user's identity after a successful login. The role of the session is especially apparent when transactions span multiple pages. Today we will use the session to implement blocking of illegal access.

The principle is fairly simple and uses two PHP files. index.php simulates a user login and writes an "identity" into the session; visits to other pages of the site then carry this identity as proof of login.

index.php: simulated authentication

<?php
session_start();
// Simulate a successful login by writing the identity into the session
$_SESSION['name'] = 'Guo Pu';
echo "Hello" . $_SESSION['name'];

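Target resource page: session.php

<?php
session_start();
// Read the identity written by index.php; null when the visitor has not logged in
$name = $_SESSION['name'] ?? null;
if (!$name) {
    // Send a real 403 status, not just the text
    http_response_code(403);
    echo "403 forbidden! Please log in first, then check the relevant information!";
    die('//-^-\\');
} else {
    echo "Certification passed!";
}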

Effect Demo

    • Prompt for information when no identity token

    • Simulation verification

    • Access the Resources page after simulation verification

URL-based method

Personally, I think a better way to handle access by URL is through routing: one router acts as the general manager and handles all external requests, and the result should certainly be good.

The following is a simple version whose purpose is hotlink protection. The core of it is the Referer header. This is fairly simple, and anyone who has written a crawler will understand it at once, so I won't say much more.

Source file

<?php
$targeturl = "http://localhost/phpstorm/Test/index.php";
// The Referer header may be absent, so default to an empty string
$referer = $_SERVER['HTTP_REFERER'] ?? '';
if ($referer != $targeturl) {
    // header("Location: " . $targeturl); exit;
    echo "This site anti-chain Oh, please go to <br/>
    <a href='index.php'>Point me to access the Resources page!!!</a>
    <br/> Access to our resources Oh!";
} else {
    echo "Normal access to the Resources page!";
}

The related index.php file simply sets up a hyperlink. Its role is to give requests for the resource a Referer, ensuring that the resource can only be reached from within this site.

index.php file contents

<?php
echo "Home Oh!";
echo "

Demo effect

This approach generally does prevent hotlinking, but it is rather troublesome to maintain.
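The routing idea mentioned at the start of this section, sketched as an added example (not code from the original article): a single front-controller function decides every request, applying the session check and a host-based Referer check per route. The names authorize, same_site_referer, ROUTES and ALLOWED_REFERER_HOSTS, the paths /resource.php and /admin.php, and the sample requests are assumptions made for illustration.

```php
<?php
// Added example: one front controller decides every request (all names are hypothetical).
declare(strict_types=1);

// Route table (constructed): path => which checks the route requires
const ROUTES = [
    '/index.php'    => ['login' => false, 'same_site' => false],
    '/session.php'  => ['login' => true,  'same_site' => false],
    '/resource.php' => ['login' => false, 'same_site' => true],
];
const ALLOWED_REFERER_HOSTS = ['localhost']; // assumption: the site's own host

function same_site_referer(array $server): bool
{
    // Referer may be absent and is client-supplied, so this only deters hotlinking.
    $host = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    return is_string($host) && in_array(strtolower($host), ALLOWED_REFERER_HOSTS, true);
}

function authorize(string $path, array $session, array $server): array
{
    $rule = ROUTES[$path] ?? null;
    if ($rule === null) {
        return [404, 'Not found'];              // unknown paths are denied by default
    }
    if ($rule['login'] && empty($session['name'])) {
        return [403, 'Please log in first'];    // same identity token as session.php
    }
    if ($rule['same_site'] && !same_site_referer($server)) {
        return [403, 'Hotlinking is not allowed'];
    }
    return [200, 'OK'];
}

// Constructed sample requests: [path, session contents, server variables]
$samples = [
    ['/session.php',  [], []],
    ['/session.php',  ['name' => 'Guo Pu'], []],
    ['/resource.php', [], []],
    ['/resource.php', [], ['HTTP_REFERER' => 'http://localhost/phpstorm/Test/index.php']],
    ['/resource.php', [], ['HTTP_REFERER' => 'http://other.example/page.html']],
    ['/admin.php',    ['name' => 'Guo Pu'], []],
];
foreach ($samples as [$path, $session, $server]) {
    [$status, $message] = authorize($path, $session, $server);
    printf("%-14s %d %s\n", $path, $status, $message);
}
```

Comparing only the Referer host, instead of one full URL as in the source file above, means the check does not have to be edited every time a linking page is added or moved.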

Summary

To recap briefly: implementing a ban on illegal access in PHP looks easy, but there is actually a lot to learn, and what is covered here is only the tip of the iceberg.

From a practical point of view, each approach has its pros and cons; one cannot say that one is better, only which is more suitable.

Adding an identity token is lighter and easier to maintain; URL routing can be cumbersome to maintain, but its flexibility may give better results.

In short, analyze each specific situation on its own terms.
