0

We have a site made using the CodeIgniter PHP framework. We run a cron job to hit a URL with it.

But that URL can be hit from any machine, as it's a function that does a task related to the database.

We want that function to be hit only from the server IP or a specific list of IPs, so that only the allowed machines we add can hit that URL.

How can we do that?

halfer

3 Answers

1

Maybe you should use a .htaccess file (if you use Apache)? Doc: http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html

```apache
<Directory /www>
    Order Deny,Allow
    Deny from all
    Allow from YOUR_IP
</Directory>
```

In PHP you can do this on top of your script:

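```php
$allow = array("123.456.789", "456.789.123", "789.123.456"); //allowed IPs

// X-Forwarded-For is absent on direct connections; it is a client-supplied
// header, so it is only meaningful when set by a proxy you control.
$forwarded = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';

if(!in_array($_SERVER['REMOTE_ADDR'], $allow) && !in_array($forwarded, $allow)) {
    header("HTTP/1.0 404 Not Found");
    exit();
}
```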
fdglefevre
  • See my comment above; if you like, you can make an example like I described. And for this PHP code, does it need to be placed in the file where that function exists? If yes, is it compatible with the CodeIgniter environment, or do we need to append something? – Abdullah Siddique Mar 30 '15 at 14:42
  • It's pure PHP so yes it's compatible. If you want to use this piece of code you must add it on top of your `XYZ.com/FOLDER/index.php` file. – fdglefevre Mar 30 '15 at 14:53
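
A stricter variant of the PHP check in the answer above, added here as an example (not code from any of the answers): it authorizes on `REMOTE_ADDR` and reads `X-Forwarded-For` only when the direct peer is a reverse proxy you run, since any client can set that header. The function names, the `TRUSTED_PROXIES` and `ALLOWED_CLIENTS` lists and the addresses in them are assumptions for illustration; CIDR matching covers IPv4 only.

```php
<?php
// Added example: names and addresses are illustrative (RFC 5737 documentation ranges).
const TRUSTED_PROXIES = ['127.0.0.1'];  // assumption: reverse proxy on the same host
const ALLOWED_CLIENTS = ['127.0.0.1', '203.0.113.10', '198.51.100.0/24'];

/** True if $ip equals $rule, or lies inside $rule when it is an IPv4 CIDR block. */
function ip_matches(string $ip, string $rule): bool
{
    if (strpos($rule, '/') === false) {
        return $ip === $rule;
    }
    [$net, $bits] = explode('/', $rule, 2);
    $ipLong = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false || !ctype_digit($bits) || (int)$bits > 32) {
        return false;
    }
    $mask = (-1 << (32 - (int)$bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

function in_ip_list(string $ip, array $rules): bool
{
    foreach ($rules as $rule) {
        if (ip_matches($ip, $rule)) return true;
    }
    return false;
}

/** Address to authorize: the TCP peer, unless that peer is one of our own proxies. */
function effective_client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !in_ip_list($peer, TRUSTED_PROXIES)) {
        return $peer;  // header ignored: any client can send it
    }
    // Read right to left; the first hop that is not our proxy is the real client.
    foreach (array_reverse(array_map('trim', explode(',', $xff))) as $hop) {
        if (!in_ip_list($hop, TRUSTED_PROXIES)) {
            return filter_var($hop, FILTER_VALIDATE_IP) ? $hop : '';
        }
    }
    return $peer;
}

if (!in_ip_list(effective_client_ip($_SERVER), ALLOWED_CLIENTS)) {
    header('HTTP/1.0 404 Not Found');
    exit();
}
```
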
0

You can use a restriction in your Apache or nginx. And this will be safer.

For nginx

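```nginx
location /path/to {
    # rules are checked in order and the first match wins,
    # so the specific deny must come before the wider allow
    deny 192.168.1.2;
    allow 192.168.1.0/24;
    allow 127.0.0.1;
    deny all;
}
```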

For Apache

```apache
<Location /path/to>
    Order deny,allow
    deny from all
    allow from 192.168.
    allow from 104.113.
</Location>
```

Apache and Nginx

mim.
  • We have an Apache server; where do we add that? Also, for /path/to, do we need to define that URL here? – Abdullah Siddique Mar 30 '15 at 14:37
  • Also, can we specify accurate IPs? And can you make an example like this: this is the URL I want to hit from 2 specific addresses only, with all the rest denied: https://www.facebook.com/directory/people/ – Abdullah Siddique Mar 30 '15 at 14:40
  • You need to add it to your virtualhost or server config. And the path is a URL match; you can find details in [Location Doc](http://httpd.apache.org/docs/2.2/mod/core.html#location). – mim. Mar 30 '15 at 14:45
0

If I were you, I would make an extended condition for CLI requests or, let's say, an admin approach.

CI3

```php
<?php if (!defined('BASEPATH')) exit('No direct script access allowed!');

class Cronjob extends CI_Controller
{
    public function __construct()
    {
        parent::__construct(); // required so the CI core and loader are available
        $this->load->helper('url'); // redirect() comes from the URL helper

        if (!is_cli() && !is_admin()) {//assuming you have some login/checking module for admin
            redirect('welcome', 'refresh');
        }
    }

    public function index()
    {
        //your code here
    }
}
```

CI2

```php
<?php if (!defined('BASEPATH')) exit('No direct script access allowed!');

class Cronjob extends CI_Controller
{
    public function __construct()
    {
        parent::__construct(); // required before $this->input can be used
        $this->load->helper('url'); // redirect() comes from the URL helper

        if (!$this->input->is_cli_request() && !is_admin()) {//assuming you have some login/checking module for admin
            redirect('welcome', 'refresh');
        }
    }

    public function index()
    {
        //your code here
    }
}
```

To explain this: the CLI check (see the CodeIgniter Input class/library) will allow the server to reach it through the cron job, and the admin check will allow an authorized user to call that controller as well. So you don't bother with IPs, because an authorized person can run the cron job even from other locations. In other words, anyone that is not SERVER or admin couldn't call this controller/method.

Tpojka