Secure Php execution on server - Apache - PhpOut

DainaHodges
January 20, 2019
117 views
0 votes
2 Answers

I have a php script which updates a database. I want to be sure that no one else can call my script remotely and execute it.

I tried this code but it did not work, the refer was always empty because I use https connection.

if (strpos($_SERVER['HTTPS_REFERER'], 'linkedfilm.com') == false) 
{
    exit();
}

The server is Apache server.

Thanks.

Tags: apache php security

Answers

- MatthewPage
- January 20, 2019 at 2:44 pm
- 0 votes
0
You could use .htaccess and put your script in a password protected directory.

Or you could use some sort of login and authentication routines on your site so you can login and access that script.

Or you could pass a ‘secret’ key with you call to the script, quick and dirty
```
if( $_GET['secret'] != "mysecret" ) exit();
```
Login or Signup to reply.

- SebastianWaldbauer
- January 20, 2019 at 2:45 pm
- 0 votes
0
Hello Daina Hodges,

You got a few options to secure this .php script.
1. You can secure this script by moving it into another directory outside of your DOCUMENT_ROOT
2. You can add the .htaccess
3. You can allow only local ip
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.