Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Re: CGI IP Based Security

by submersible_toaster (Chaplain)
on Jun 24, 2003 at 02:59 UTC ( #268376=note: print w/replies, xml ) Need Help??


in reply to CGI IP Based Security

Do you have access to the webserver configuration? Like being able to tell apache via httpd.conf to ..

Order Deny,Allow Deny from all Allow from myservername.here.com Allow from localhost
Would seem to obviate the need for any IP sec logic in your code

Update:Of course if you MUST do it with the script, for instance to display a 'friendly' warning rather than a 500 Forbidden, using the CGI query object from CGI.pm you can...

my $q = CGI->new(); my $remote_host = $q->remote_host();

I can't believe it's not psellchecked

Replies are listed 'Best First'.
Re: Re: CGI IP Based Security
by sgifford (Prior) on Jun 24, 2003 at 07:08 UTC
    You can also frequently do this from a .htaccess file.

    The Allow from localhost type stuff mentioned above, that is...

Re: Re: CGI IP Based Security
by devslashneil (Friar) on Jun 24, 2003 at 03:06 UTC
    I am not the admin of this box. I have root access but /etc/apache/http.conf does not exist, which leaves me stumped on web configuration.

    /etc/apache/http.conf.example exists however and apache is the running webserver.

    As a matter of interest it would be nice to know how to impliment IP checks in CGI anyway.
    :) Neil Archibald - /dev/IT -
      By printing out the value of $remote_host i've realized that this method will be fine when i initially run the script GETing data from the trusted IP.
      However, when the script calls itself (e.g a "next page" button to browse data) The $remote_host is set to the user, and the user is unable to progress.

      Is there any way for the script to detect how it has been called. e.g If it has passed GET data to itself, or if the GET data came from somewhere else?

      Thanks submersible_toaster for all your help so far :)

      Neil Archibald - /dev/IT -

        Maybe I have misunderstood your question. Are you saying that $remote_host is correct upon the first invocation of the script. But subsequently linked invocations it is set to a username? If it is a qualified hostname instead of an IP address , then I understand but a username??

        I am not sure I can think of how to mess with that part of the environment with a GET request. Could you post code that demonstrates the problem?


        I can't believe it's not psellchecked

        Try adding a hidden parameter to your script: set it to a pre-determined value when the script invokes itself and check in the beginning of the script if this parameter is set to that value.

        Warning! This is not very secure as anyone able to determine the correct value of that parameter wil now have access to your script. As you can only find that value by coming from the trusted IP, the risk is probably rather low, but stil ...

        CountZero

        "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://268376]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others perusing the Monastery: (2)
As of 2019-05-22 02:34 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Do you enjoy 3D movies?



    Results (138 votes). Check out past polls.

    Notices?
    • (Sep 10, 2018 at 22:53 UTC) Welcome new users!