views:

71

answers:

2

Suppose I have a url like

http://mysite.com/get-users

which returns a JSON object of all users. But, I don't want anyone (or any bots) to be able to go to this url to fetch this information. I want it to only respond to calls from other local modules in the same website.

How would I go about implementing someting like this?

+1  A: 

Compare the REMOTE_ADDR against a white list of approved IPs. If it's not in that list, simply return nothing, close the socket, or return an HTTP error.

Will Hartung
A: 

Hi colorfulgrayscale!

Are you using Spring? Have considered adding a filter bean inside your context to only allow HTTP requests from your site?

jdecuyper
hey! no, i'm actually doing this in django(python) and not in java.
colorfulgrayscale