0

I have a static form on a server that does not support php:

<form action="http://otherserver.com/process_form.php"

I need the script on the file process_form.php to only be processed if the request is being sent by the static IP of the server on which the static form is hosted. How to do this?

If anyone other then that ip is attempting to request the script the script should be killed immediately.

Improve this question
0

2 Answers 2

Reset to default
4

This will not work the way you want because the IP will be that of the client, never the server on which the form is hosted.

You are looking to test the

$_SERVER["HTTP_REFERER"]

header variable. That will tell you which page the originating form was hosted on - however, it is not safe. This header is set by the client, and can be freely manipulated.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

As Pekka noted, the HTTP referer can be easily spoofed. From a security perspective, this would not solve anything.

Also note that some clients and browser plugins set the referer to an empty string. Make sure that these can still access your form.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.