Hi Everyone,

I am trying to check the remote IP address, and if the remote IP address is not the same as my own IP address, then echo or alert on the screen to say you don't have access to this file.

And if I include this file in my own pages, it should be allowed. Below is my script, which does display my IP and remote IP address; up to this point it works fine.

This is my config or functions file, which I include("functions.php") within my landing page index.php. This is where I just want the index.php to be able to read - which is not working.

Any suggestion is highly appreciated. I know I can use a session, I guess, but I am struggling to set one.

What I have tried:

<?php
// I usually like to add a line to some of my include-files, to keep them from being accessed directly:

if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) die("Nope! You can not have it.");

//== Attempt to obtain the visitor's actual IP-Address (as best as possible).
function get_real_IP($void=null) {

    $headers = array(
        'HTTP_VIA',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_FORWARDED',
        'HTTP_CLIENT_IP',
        'HTTP_HTTP_CLIENT_IP',
        'HTTP_FORWARDED_FOR_IP',
        'VIA',
        'X_FORWARDED_FOR',
        'FORWARDED_FOR',
        'X_FORWARDED',
        'FORWARDED',
        'CLIENT_IP',
        'FORWARDED_FOR_IP',
        'HTTP_XPROXY_CONNECTION',
        'HTTP_PROXY_CONNECTION',
        'HTTP_X_REAL_IP',
        'HTTP_X_PROXY_ID',
        'HTTP_USERAGENT_VIA',
        'HTTP_HTTP_PC_REMOTE_ADDR',
        'HTTP_X_CLUSTER_CLIENT_IP'
    );

    foreach ($headers as $header) if (isset($_SERVER[$header]) && !empty($_SERVER[$header])) return $_SERVER[$header];

    if (trim($_SERVER['SERVER_ADDR'])==trim($_SERVER['REMOTE_ADDR'])) return $_SERVER['SERVER_ADDR'];

    return $_SERVER['REMOTE_ADDR'];
}

if ($_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) die("Nope! You can not have it.".$_SERVER['SERVER_ADDR']  ." Remote address ".$_SERVER['REMOTE_ADDR'] );

?>
Updated 2-Oct-19 15:28pm
Comments
Richard MacCutchan 16-Jun-19 8:45am
   
What file are you referring to? There are easier methods to protect the information on the server.
Member 14093672 17-Jun-19 5:15am
   
Thanks Richard,

Just trying to protect sub folders and the files within them from the outside world, but they should be accessible to the app, i.e., library, configs, images etc.

Would you please advise what other, easier methods there are to protect the information on the server?

I am also trying to use virtualhost protection, please see my other question https://www.codeproject.com/Questions/5128251/Apache-setup-virtual-host.

I would be grateful if you share your thoughts.

Thanks once again for reading my posts.
Richard MacCutchan 17-Jun-19 5:24am
   
Server files are not visible to the outside world via browsers unless you make them so. I think you are trying to solve a problem that does not exist.
Member 14093672 17-Jun-19 12:48pm
   
The problem exists: if someone, for example, types www.xyz.com/lib or www.xyz.com/images/logo.png, it is visible to the outside world. I want this visible only to the app, not the outside world. Hope it's clear.
Member 14093672 17-Jun-19 12:54pm
   
example
<DirectoryMatch "c:/xampp/htdocs/xyz/(.+)/">
Order deny,allow
</DirectoryMatch>

Example: I have xyz/images/logo.png.

By default users cannot browse the directory; however, if I type www.xyz/images/logo.png in my browser, the logo file appears in the browser. I want this to be restricted for the outside world but visible to the app.

Richard MacCutchan 17-Jun-19 12:56pm
   
Why make them visible to a browser in the first place?
Member 14093672 17-Jun-19 13:08pm
   
Because those files in sub folders are important/business scripts, and they should be available only to the app, not the outside world. Hope I made it clear, please.
phil.o 2-Oct-19 19:52pm
   
This is something you would rather do on network level: do not route incoming requests on external IP on ports 80 and 443 to your web server, and no one from outside will even be able to reach the root of your site.

Solution 1

--- JUST REALIZED ---
It's a 3 months old post, someone decided to format a 3 months old post
----------------------

Let me give you several options to handle this.
1. Handle through Apache
You can simply deny any request that is not coming from localhost or 127.0.0.1
RewriteEngine On
# Both conditions must match for the rule to apply: the Host header is not localhost AND the client address is not 127.0.0.1
RewriteCond %{HTTP_HOST} !^localhost [NC]
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
# "-" means no substitution; R=404 only sets the response status
RewriteRule ^/super_secret_image_path/?(.*) - [R=404,L]

2. Handle through Apache, with an additional layer, using a reverse proxy. Run your main PHP application on a different port. Only localhost or the internal network would be allowed to access it, and you browse your application using the extra port when you have to access it from localhost.
3. Through PHP with Apache. Write a directory directive to deny all
<Directory "/var/web/your_precious_image_directory">
  Require all denied
</Directory>

With PHP create a rule that will translate download request to actual path and write the file content with proper header.
$filepath = translate_special_image_path($_GET["img"], $_GET["img"]);


if(file_exists($filepath)) {
    header('Content-Description: File Transfer');
    header('Content-Type: ' . get_actual_content_type($filepath)); // eg: image/jpeg
    header('Content-Disposition: attachment; filename="'.basename($filepath).'"');
    header('Expires: 0');
    header('Cache-Control: must-revalidate');
    header('Pragma: public');
    header('Content-Length: ' . filesize($filepath));
    flush(); // Flush system output buffer
    readfile($filepath);
    exit;
}
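
One way to write the path-translation and content-type steps that option 3 above leaves undefined, as an added example that is not part of the original answer. `resolve_image_path`, `allowed_type`, `IMAGE_BASE` and `ALLOWED_TYPES` are hypothetical names; it assumes PHP 7.1+ with the fileinfo extension and serves the file inline rather than as an attachment.

```php
<?php
declare(strict_types=1);

// Assumed values: the directory Apache denies in option 3, and a type allowlist.
const IMAGE_BASE = '/var/web/your_precious_image_directory';
const ALLOWED_TYPES = ['image/png', 'image/jpeg', 'image/gif'];

// Map the requested name to a real file under $base; null if it escapes $base.
function resolve_image_path(string $base, string $requested): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null; // empty or NUL-containing names are never valid
    }
    $baseReal  = realpath($base);
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($baseReal === false || $candidate === false) {
        return null; // base directory missing or file does not exist
    }
    // Compare only after realpath() has resolved "../" segments and symlinks.
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($candidate) ? $candidate : null;
}

// Content type detected from the file's bytes, accepted only if allowlisted.
function allowed_type(string $path, array $allowed): ?string
{
    $type = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    return ($type !== false && in_array($type, $allowed, true)) ? $type : null;
}

// The app's own login/authorization check for the current user belongs here.
$img  = is_string($_GET['img'] ?? null) ? $_GET['img'] : '';
$path = resolve_image_path(IMAGE_BASE, $img);
$type = $path === null ? null : allowed_type($path, ALLOWED_TYPES);
if ($type === null) {
    http_response_code(404); // same response for missing, escaping and disallowed files
    exit;
}
header('Content-Type: ' . $type);
header('X-Content-Type-Options: nosniff');
header('Content-Length: ' . (string) filesize($path));
readfile($path);
exit;
```

Because the browser, not the server, requests each image, this script is the only route to the denied directory, so the per-user check has to happen in it.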
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



