How to prevent users from manually entering a page
Source: Internet
Author: User
How do I prevent a user from manually entering a page?
The root directory of the Web site with the index.php side of the private.php page, I now only allow it to be called by the client program, not allowed to be manually entered by the user (such as: http://127.0.0.0/private.php), how to set?
------Solution--------------------
Determine the source of his request address or get the last request address
$_server[' Http_referer '];
This can't be thought of using JS to implement
------Solution--------------------
The best is $_server[' http_referer ']; source monitoring
The other is to set the session permission authentication, the normal user session to jump or return 404 head
Can be authenticated by GET or post a parameter, for the user of unknown rules, the breakthrough is very difficult
------Solution--------------------
Not necessarily with the session.
You're in private. PHP also sets a variable
For example
if ($flag = = ' value ')
...
Else
Exit;
When you call the client, pass this value to this page to get its value.
You can set this value yourself.
------Solution--------------------
Client passes encrypted data server side for decryption proofing
I don't have to tell you the rest.
------Solution--------------------
1. After the client is installed, generate its own public private key and submit the GUID and public key through HTTPS protection custom protocol.
2, in the future Client Connection service side, first use the private key to encrypt the GUID, and then commit with the GUID, the service side according to the GUID select the corresponding public key decryption authentication GUID success is considered normal for the client to be issued to the session cookie.
In fact, the key is 2 points:
1, after the client installation of the first HTTPS connection server, if it is considered possible fraud, the client can ask the CA to verify the certificate from the service side, otherwise you can directly trust the service-side certificate, and through the public private key encryption Exchange symmetric key to complete the client-level public private key submission.
2, is actually the HTTPS protection to complete the trust relationship configuration, played scp/ssh students should have a number.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
A Free Trial That Lets You Build Big!
Start building with 50+ products and up to 12 months usage for Elastic Compute Service