defroster Posted August 2, 2010 Share Posted August 2, 2010 Does the Apache server automatically block forms method='post' information that comes from another webserver? I hope so. If the answer is no, can I block all information being sent from other servers? Thanks, df Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted August 3, 2010 Share Posted August 3, 2010 The only information you receive with any http request is what comes with the http request. That includes the ip address of the device that made the http request and to which the reply will be sent back (this is gotten out of the TCP/IP data packets), the URL that is being requested along with any GET parameters that are part of that URL, any headers that are included in the request, any COOKIES that are included in the request, and any POST data that is included in the request. The only way you can identify where a request came from is by looking at the available information. If another web server is being used to directly POST data to your site and that web server has a fixed IP address, you can block the IP address. That will slow someone down, but it is fairly easy to go through a web proxy server to get a different IP address. What sort of problem are you having that you are tying to solve because most problems with receiving undesirable input must be addressed in your code by validating the input that is received. Quote Link to comment Share on other sites More sharing options...
defroster Posted August 3, 2010 Author Share Posted August 3, 2010 Ahh, ok thanks for explaining. I had misunderstood a bit as I thought it could be controlled from the server (with some code perhaps) that all executed forms must be from the same webserver. This is just spam prevention. But I guess captcha is the only way, no? thanks, df Quote Link to comment Share on other sites More sharing options...
cags Posted August 4, 2010 Share Posted August 4, 2010 In the form processing script you should be able to check $_SERVER['HTTP_REFERER'] is equal to your submit form. This won't however necessarily prevent SPAM. Quote Link to comment Share on other sites More sharing options...
defroster Posted August 4, 2010 Author Share Posted August 4, 2010 Thanks, yes that is actually a clever solution. Thanks Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted August 4, 2010 Share Posted August 4, 2010 Most BOT scripts set 'HTTP_REFERER' to match the site they are 'visiting' because they want you to think they are a 'real' browser that just fetched your form from your site. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.