0

I have 2 separate servers (Server A and Server B) each with a PHP script (Script 1 and Script 2).

I have PHP script 2 on Server B that I want to run, but only from PHP script 1 on Server A. I do not want any other http requests to pass through the directory on Server B where my protected script resides.

In other words --> run script 2 on Server B only if http request comes from script 1 on Server A. [Note: I do not want to button-down by IP, only by referring script.]

Is this doable in an .htaccess file using Allows and Denys? Or is it done some other way?

I can't do this via a _SERVER var because I can't seem to capture the referring script in my PHP Script 2.

Thanks.

2 Answers

1

You can deny access to all IPs except Server A (with the ip = 888.888.888.888) on server B by adding this to the .htaccess in the root of your script:

order deny,allow
deny from all
allow from 888.888.888.888

But it depends how the script on Server B is accessed by Server A - if it's a server side call it should work.
I would also suggest using a token system: Server A sends a request and a token to Server B (something like md5(a secret string + request data)). Server B checks the token and runs the script if everything checks out.


8 Comments

Thanks @lansen. I knew about restricting by IP (I thought about adding that note after I already posted). I don't want any request coming in from anywhere except the specific PHP Script -- even if another request comes in my Server B.
Add a token system with a secret key that only the two scripts know about. You have to add it to PHP. You could check the REFERER in htaccess but I wouldn't suggest that because it's very easy to fake (send a fake referer to a script).
@lansen -- sorry but I have never used (or heard of) the "secret token" method. Is it complex? Do you have a sample block of code to share so I can see how it works? Thanks!
It's not that hard. In the script that is sending the request you set a secret key, like this: `$secret_key="some_random_string_here";` Then, using this secret key and the data you are sending to the second script, generate a unique (dependent on the data you are sending) token. Let's say you are posting 3 fields; the token would look like this: `$token=md5($secret_key.$field1.$field2.$field3);` and send the $token and your data to the second script. In the second script get the data and generate the token again (like above). If the tokens match, run the script.
In the second script:
// never send the $secret_key over HTTP
// only the 2 scripts know what it is
$secret_key = "some_random_string_here";
$local_token = md5($secret_key . $_POST['field1'] . $_POST['field2'] . $_POST['field3']);
// $_POST['token'] is the token sent by script 1
// strict comparison: loose == can treat two different hex strings as equal
if ($local_token === $_POST['token']) {
    // your code here
}
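The token scheme from the comments above, as an added example that is not code from the thread: it uses HMAC-SHA256 over an unambiguous encoding of the fields instead of md5 over their concatenation, adds a timestamp so a captured request expires, and compares with hash_equals. The key value, the field names, the `ts` parameter and the 300-second window are assumptions.

```php
<?php
// Added example, not code from the thread. Key, field names, the "ts"
// parameter and the 300-second window are assumptions.
const SHARED_KEY = 'replace-with-long-random-secret'; // placeholder; store outside the web root
const MAX_AGE = 300; // seconds a signed request stays valid

// Canonical form: sorted keys + JSON, so field boundaries are unambiguous
// (with plain concatenation "ab"."c" and "a"."bc" produce the same token).
// Field values must be strings, which is how they arrive in $_POST.
function canonical(array $fields, int $ts): string {
    ksort($fields);
    return $ts . "\n" . json_encode($fields);
}

// Script 1 (Server A): returns the POST body including timestamp and token.
function sign_request(array $fields, int $now): array {
    $token = hash_hmac('sha256', canonical($fields, $now), SHARED_KEY);
    return $fields + ['ts' => (string)$now, 'token' => $token];
}

// Script 2 (Server B): recompute the token and compare before doing any work.
function verify_request(array $post, int $now): bool {
    $token = $post['token'] ?? null;
    $ts = $post['ts'] ?? null;
    if (!is_string($token) || !is_string($ts) || !ctype_digit($ts)) {
        return false; // missing or array-typed parameters
    }
    if (abs($now - (int)$ts) > MAX_AGE) {
        return false; // stale: limits replay of a captured request
    }
    unset($post['token'], $post['ts']);
    $expected = hash_hmac('sha256', canonical($post, (int)$ts), SHARED_KEY);
    return hash_equals($expected, $token); // constant-time comparison
}

// Constructed sample data standing in for $_POST on Server B.
$now = time();
$post = sign_request(['field1' => 'ab', 'field2' => 'c', 'field3' => 'x'], $now);
var_dump(verify_request($post, $now));                // untampered request
$moved = ['field1' => 'a', 'field2' => 'bc'] + $post; // same bytes, boundary shifted
var_dump(verify_request($moved, $now));               // tampered fields
var_dump(verify_request($post, $now + 3600));         // same request an hour later
```

In Script 2, call `verify_request($_POST, time())` first and return a 403 when it is false.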
0

Here is one way to do it.

Put the following in the .htaccess in the root directory of Server B

# if the IP address matches the server of script 1, set MY_ALLOW_SCRIPT2 (default value = 1)
# change the IP to match the IP of Server A
SetEnvIf Remote_Addr ^12\.34\.567\.89$ MY_ALLOW_SCRIPT2

# mod_rewrite must be enabled for the rule below to run
RewriteEngine On
# if the script is not allowed
RewriteCond %{ENV:MY_ALLOW_SCRIPT2} !1
# return a 403 Forbidden
RewriteRule ^script2 - [F]

3 Comments

Thanks @Ulrich Palha...hoping to be able to do it in a manner other than by IP.
@Dr.DOT Given your requirements, .htaccess is not a suitable solution. I recommend going with the shared secret (token) system that Lansen suggested because it is more secure.
Thanks @UlrichPalha...I am not familiar with sending secret tokens so I will look into that. Sounds like the way I want to go. I was starting by using a _GET var but that is not as secure as I am envisioning the secret token to work. Googling now...
