Simple question: How to detect if the form data posted to my site is done through cURL and not through the site’s form page.
(Ex) user runs curl -H "Host: mysite" -X POST -d "post data" http://mysite for any form in the site.
Since it is possible to set Referer and User Agent, I believe that they don't qualify as filtering criteria. Any suggestions or solutions are welcome.
Thanks & Cheers!!
Add a token to your form that you generate dynamically and store it in the user's session. When the user submits a form, check that the token from the form matches the token that's in the session. This token should change every time the form is rendered. This will allow the form to be submitted only one time.
If the user submits a form with a stale token, just have them repost the form again with an error message saying the form was stale and they need to repeat the operation again.
Curl can emulate a browser so nothing is going to be 100% effective, but this covers most of the cases.
You could also have this token field filled by JavaScript since curl doesn’t execute it.
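A minimal implementation of the session token the answer describes, added here as an example (it is not code from the original post). The in-memory SESSIONS dict and the function names are assumptions standing in for a real session store and request handlers; the example also covers the replay, re-render and cross-session cases the answer implies.

```python
import hmac
import secrets
from typing import Dict, Optional

# Stand-in for a server-side session store (constructed for this example).
# Key: session id, value: dict holding the currently valid form token, if any.
SESSIONS: Dict[str, dict] = {}


def render_form(session_id: str) -> str:
    """Return a fresh token to embed in the form as a hidden field.

    Each render replaces the previous token, so only the most recently
    rendered copy of the form can be submitted successfully.
    """
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    SESSIONS.setdefault(session_id, {})["form_token"] = token
    return token


def handle_submit(session_id: str, posted_token: Optional[str]) -> str:
    """Validate the submitted token against the one stored in the session.

    Returns "ok" when the token matches (and consumes it), or "stale" when
    the session has no token, the field is missing, or the value differs.
    """
    session = SESSIONS.get(session_id)
    expected = session.get("form_token") if session else None
    if expected is None or posted_token is None:
        return "stale"
    # Constant-time comparison so the check does not leak token bytes via timing.
    if not hmac.compare_digest(expected, posted_token):
        return "stale"
    # Single use: consume the token so a replay of the same POST is rejected.
    session.pop("form_token", None)
    return "ok"
```

A token is bound to the session that rendered the form, so a value captured from one session is rejected when posted under another.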