Get domain of the site that sent an http request

[MaFtuk]

i have a script on one of my sites that is accessible to 2 other sites and only those 2 sites.

i have a relatively simple script to block access to other users whereby the ip address MUST match that of the websites who have permission to access. i know it's not perfect (i.e. any other sites on the same shared server could, if they wanted to, access the script*) but it will suffice.

i also have it set up that any attempts that don't match my criteria sends me an email with the date, time and the ip of the source of the request. however the ip address isn't actually that useful in determining who, or which site, was attempting to access the script. the normal method of $_SERVER[SERVER_NAME] (or SERVER_ADDR) just gives me my domain etc as this is where the script is running.

REMOTE_ADDR gives me the ip address of the breach but isn't that useful.

HTTP_REFERER is blank so of no use.

so, does anyone have any other ideas as to how i can get this information?!

MaFt


* before those who remember the recent sheffield server shenanigans, don't worry - the script simply outputs an xml feed and won't change all your index*.* files!

[MaFtuk]

nobody any ideas?!

[Rock]

Quote:

Originally Posted by MaFtuk

nobody any ideas?!

Hi,

To restrict access to a particular file within a directory, use this in the .htaccess:

Any of the above techniques can be applied to a single file within the host directory instead of the directory as a whole.

<Files script.php>
order deny,allow
deny from all
allow from domain1.com
allow from domain2.com
allow from xx.xx.xx.xx
allow from yy.yy.yy.yy
</Files>

The above code will allow access only to the specified allow from hosts, to the file script.php. Additional file names can be specified, separated by commas; alternatively wildcards can be used to specify multiple files, eg: <Files *> would affect all the files in the directory.

You can download Page Guard Pro if you want to log all events containing authorized & unauthorized logins by IP Address, requested URI & along with more information.. from a web browser interface

[MaFtuk]

thanks for that. is there a way to only allow certain 'browsers'? eg to check for a string in teh browser header?

MaFt