How do I prevent access to a php script if not called with a comandline application like curl? I'm working on a web application and it uses a cron script to run it's services. I'm using codeigniter so I have to use a url not a file path.
views:
99answers:
3
A:
Use HTTP authentication.
You can recognize curl by User-Agent HTTP header, but it is not safe - anybody can use such header (or use curl) to access your scripts.
(edit) You can also use IP address of the request. Curl requests from cron will probably have 127.0.0.1; it should be not possible for anyone to make requests from this address (unless your website runs behind reverse proxy running on the same server). This is not 100% safe (for example on shared webhosting), but it might be safe enough.
BTW. why not run PHP script directly from CRON? Then it does not have to be web-accessible at all.
Messa
2010-05-09 03:02:15
I'm using codeigniter so the script doesn't actually exist as a file its a function that runs via a url.
Robert Hurst
2010-05-09 03:13:02
+1
A:
While not a direct answer, I think this CodeIgniter Library would solve the underlying problem:
I believe that's the library used in a CI project I was brought in on. It works well. From the command line just:
php cli.php controller action urlseg1 urlseg2 ...
Tim Lytle
2010-05-09 03:40:08
A:
This probably isn't the best solution, but you can implement it in seconds.
Use cURL POST and pass in a password as one of the POST variables. Check if the password is correct with your script wrapper and only execute the file if so.
Lotus Notes
2010-05-09 03:52:40