What is the best way to prevent executing a PHP script from other hosts? Basically, I only want my server web1.mydomain.com to execute the PHP script. Right now, if I create an HTML file with an iframe or img tag that points to my script on a different domain and call it, it works and executes. I want to prevent this.
Is it possible to do this at the web server level instead of PHP application code? I am using nginx. That would be the best solution.
This would seem to be a textbook case of what the valid_referers nginx directive is for.

Add something like the following to the location-block for your script:

or, if you want to be a bit less strict, and more tolerant of stripped/obfuscated referers:
see http://nginx.org/en/docs/http/ngx_http_referer_module.html#valid_referers for more info
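
One way to write the referer check this answer describes, as an added example that is not part of the original answer. The script path /script.php and the PHP-FPM socket path are assumptions; web1.mydomain.com comes from the question.

```nginx
# Added example. /script.php and the socket path below are assumed names.
server {
    listen 80;
    server_name web1.mydomain.com;

    location = /script.php {
        # Strict: serve the script only when the Referer host is
        # web1.mydomain.com. A request with no Referer header at all
        # (typed URL, bookmark, privacy extension) is rejected too.
        valid_referers web1.mydomain.com;

        # Lenient variant: also accept a missing Referer ("none") and a
        # Referer whose value was stripped by a proxy or firewall, so it
        # no longer starts with http:// or https:// ("blocked").
        # valid_referers none blocked web1.mydomain.com;

        # nginx sets $invalid_referer to "1" when the Referer matches
        # none of the values listed in valid_referers.
        if ($invalid_referer) {
            return 403;
        }

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;  # assumed socket path
    }
}
```

The Referer header is supplied by the client, and the nginx documentation for this module notes that it is meant to block the mass flow of requests from regular browsers rather than to thoroughly block fabricated ones. It stops iframe and img embedding from other sites, but a script that must not run for untrusted callers still needs authentication or a per-request token.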