问题
How can I get my PHP script to only answer requests if the requesting script is on the same domain?
** Edit: The PHP file is being accessed by an ajax request and is proxy, so I don't want others directly requesting it to come up, is this possible?
回答1:
You could use $_SERVER['REMOTE_ADDR'] to compare the IP of the user requesting the page. Or you could simply make it a command line script that (obviously) requires you to run it from the command line.
edit:
You want to prevent people from using that script other than via AJAX? Impossible, as AJAX itself is executed by the client, as such the request starts there. And it will be always possible to call that script alone; you can make it harder, but you won't be able to prevent it.
回答2:
There is no safe way to do that. Some developers will naively use the HTTP referrer header field, but anyone smart enough to abuse your ajax interface will have no problem forging the referrer.
回答3:
You shouldn't be sending requests to your own server. You should include the file and execute the functions directly.
来源:https://stackoverflow.com/questions/2330811/how-can-you-make-a-php-script-only-answer-requests-made-from-the-same-server