0

I hope to get your feedback on this.

My HTML head for the website calls-js.com contains the following:

<html>
<head>
<script src="http://www.hosts-js.com/some.js"></script>
</head>
</html>

As you can see, calls-js.com is calling some.js from hosts-js.com.

I want to restrict who can call/view some.js using an IP whitelist on hosts-js.com.

This means if user 1.1.1.1 (whitelisited) and 2.2.2.2 (not whitelisted) open calls-js.com, only 1.1.1.1 gets to experience whatever some.js does.

I am thinking of writing a PHP script which automatically updates the .htaccess file on hosts-js.com to include whichever IP addresses are allowed.

<Files some.js>
    Order deny,allow
    Deny from all
    Allow from 1.1.1.1, some-other-ip, another-ip
</Files>

Is this the easiest way to do this, or can you think of another way?

  • 1
    F.e. you could also _generate_ the JS code by a server-side script – and have that script check the client’s IP address before it does so. – CBroe Aug 19 '14 at 08:37

1 Answers1

0

you can write a php/cgi/whatever script that will send the file (or not) based on database lookup/algorithm/whatever and put a rewrite on host-js to transform *.js to myscript?file=$1

Bastien Durel
  • 603
  • 5
  • 20
  • Interesting. So you mean something like this? 1. some.js is requested by the browser. 2. The server rewrites the request to check.php. 3. Check.php looks in a database, sees the IP is whitelisted, and agrees the JS can be viewed. 4. The relevant JS is pushed to the browser. If my understanding is correct, how is (4) achieved? Thanks –  Aug 19 '14 at 13:54
  • 1
    depends of the script language. In PHP you use readfile (http://php.net/manual/en/function.readfile.php) plus header to set the correct content-type – Bastien Durel Aug 19 '14 at 13:59