I am trying to get a script to only work if someone's server is accessing it. I don't want it to work if they try to load it up in their browser. Is there any way to do this? Thanks in advance!
I personally don't know of a sure fire way to do this, but I do know that you can check for what browser the person is using and you could cut out access if they are using any of the major ones. This would probably not allow 95%+ of traffic from browsers if not more.
You can check the apache environement variable HTTP_USER_AGENT But why do you need to allow servers and not humans? (then just don't give the url...)
I need to give the URL so they can access it with their servers without them seeing it. Basically for-machine-eyes only. I have some powerful code that I want to sell, but I don't want it altered or pirated.
you can try this code ... <?php if ( strpos($_SERVER['HTTP_USER_AGENT'], 'Gecko') ) { if ( strpos($_SERVER['HTTP_USER_AGENT'], 'Netscape') ) { $browser = 'Netscape (Gecko/Netscape)'; echo 'You Are Not Allowed To See This Page'; } else if ( strpos($_SERVER['HTTP_USER_AGENT'], 'Firefox') ) { $browser = 'Mozilla Firefox (Gecko/Firefox)'; echo 'You Are Not Allowed To See This Page'; } else { $browser = 'Mozilla (Gecko/Mozilla)'; echo 'You Are Not Allowed To See This Page'; } } else if ( strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') ) { if ( strpos($_SERVER['HTTP_USER_AGENT'], 'Opera') ) { $browser = 'Opera (MSIE/Opera/Compatible)'; echo 'You Are Not Allowed To See This Page'; } else { $browser = 'Internet Explorer (MSIE/Compatible)'; echo 'You Are Not Allowed To See This Page'; } } else { $browser = 'Others browsers'; //Run your Code here } ?> This code is not full proof .. you can load some sessions to be more confirmed. You can also check operating systems....
There's no way to figure this out. People could just use a proxy, which would go in the category of "servers". Anyway, if you want to make sure it's a server (or proxy) use: if (!@fsockopen($_SERVER['REMOTE_ADDR'], 80)) { header('HTTP/1.1 401 Unauthorized'); exit('Unauthorized access'); } PHP: Should work in most cases.
Even with a proxy, it could be be easily bypassed. Considering if someone wants to see the code, they will. With FireFox, you can easily download a plug-in that will let FF report as any browser (or any server) you want. Is your script reporting back information about its existence? Bing
Yes. I fully understand that no lock is perfect. But the data will be encrypted in 2 ways, need a key to be accessed completely, and send me an email when its run giving me the details of the domain so I can watch it for activity. Still always hackable, but I just don't want to make it easy on them.
forget checking user agent's, it's the poisened and unreliable env ever. 99.9% of browser send some or all of the following: [HTTP_ACCEPT] => text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 [HTTP_ACCEPT_LANGUAGE] => en-gb,en;q=0.5 [HTTP_ACCEPT_ENCODING] => gzip,deflate [HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.7 however servers will almost never send them, specifically HTTP_ACCEPT_LANGUAGE and HTTP_ACCEPT_CHARSET, if they are present odd's are it's a standard user(_agent).
Theres a simpler way which will probably work. Send a redirect header before your content. Browsers will obey, standard socket clients wont.