How does get-php determine where the request comes from?

Source: Internet
Author: User
For example, if Site A initiates a get request to Site B, how can I determine whether the request is from site? Currently, I know that $ _ SERVER [& #039; HTTP_REFERER & #039;] But $ _ SERVER [& #039; HTTP_REFERER & #039;] can be forged, for example, if Site A initiates a get request to Site B, how can I determine whether the request is from site?
Currently, I know $ _ SERVER ['HTTP _ referer'].
However, $ _ SERVER ['HTTP _ referer'] can be forged, providing a better solution to requests.

Reply content:

For example, if Site A initiates a get request to Site B, how can I determine whether the request is from site?
Currently, I know $ _ SERVER ['HTTP _ referer'].
However, $ _ SERVER ['HTTP _ referer'] can be forged, providing a better solution to requests.

If only B is under its own control, there is no better way...

HTTP_REFERERIt is the only field in the HTTP protocol used to identify the user source...

However, if Station A is under your control, you can make an agreement to confirm that the request actually comes from station...

For example, if two parameters are passed for each request from Station A to Station B...tAf...

If you receive$_GET['f']Equalmd5( $_GET['t'] . 'secret_key' )It is legal...

Continue to process the request according to the original logic... otherwise, discard it directly...

If you do not want to add two parameters... You can also use the content that can be obtained by site AtParticipate in computing...

This is a safe way to mark identities between two sites... commonly known as fingerprints or signatures...

The salt hashing algorithm described above is relatively simple...

If you need more secure transmission... you can also use a more powerful RSA algorithm...

There is also A way... you also need A to stand in your control scope...

For example, the target link ishttp://B.ext/somelink... Need to be convertedhttp://A.ext/go/somelink...

Then send A message to the address of A limited source IP address of Station B when processing such A link in the background of station...

The message content is the user's IP browser and the address to be accessed...

Then, if Site B is followed by such access, it will be deemed as legal. Otherwise, it will be discarded...

This is basically how Grace works...

At present, there is no better method on the server side, because the HTTP header is just a little bit of content, it is very simple, only this field is used to mark the source of the link.

When station A sends messages and receives messages from Station B:
1. Use A string as the key $ key = 'alsfjewoi212' and put it on site A and site B respectively.
2. Connect the data $ data that the site wants to GET with the key and assign the md5 value to $ x = md5 ($ data. $ key );
3. get $ x and $ data to Site B at the same time.

4. determine when B receives the message:
If ($ _ GET ['X']! = Md5 ($ _ GET ['data']. $ key) exit ();

Done.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.