开发者

How do I prevent access to a php script if not called with a comandline application like curl

How do I prevent access to a php script if not called with a comandline application 开发者_如何学运维like curl? I'm working on a web application and it uses a cron script to run it's services. I'm using codeigniter so I have to use a url not a file path.


While not a direct answer, I think this CodeIgniter Library would solve the underlying problem:

CodeIgniter CLI Library

I believe that's the library used in a CI project I was brought in on. It works well. From the command line just:

php cli.php controller action urlseg1 urlseg2 ...


Use HTTP authentication.

You can recognize curl by User-Agent HTTP header, but it is not safe - anybody can use such header (or use curl) to access your scripts.

(edit) You can also use IP address of the request. Curl requests from cron will probably have 127.0.0.1; it should be not possible for anyone to make requests from this address (unless your website runs behind reverse proxy running on the same server). This is not 100% safe (for example on shared webhosting), but it might be safe enough.

BTW. why not run PHP script directly from CRON? Then it does not have to be web-accessible at all.


This probably isn't the best solution, but you can implement it in seconds.

Use cURL POST and pass in a password as one of the POST variables. Check if the password is correct with your script wrapper and only execute the file if so.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜