0

How to validate the host name in PHP?

That is if suppose am running my application server on IP:192.168.1.77 and if the request contains the Host name other than 192.168.1.77 it should not allow the further processing.

Any help or suggestion would be appreciated.

AmGates
  • 2,127
  • 16
  • 29

3 Answers3

1

I'll throw a unauthorized page. With error stating that there is mismatch in host name

What for? This is something the web server will already deal with if it's set up properly:

If you are using name-based virtual hosts, the ServerName inside a section specifies what hostname must appear in the request's Host: header to match this virtual host.

There's no need to additionally check for this in the PHP script.

It will be an additional security na? Thats what my clients requirement is

It is entirely pointless and will not add any security whatsoever. However, I guess there's no harm in doing it, either.

Pekka
  • 442,112
  • 142
  • 972
  • 1,088
  • 1
    @AmGates server configuration is a complex field. If you're tasked with setting up a production server and you're unsure about what to do, you may want to get someone experienced to do it. Anyway, there are good tutorials on the subject, this one looks like it covers the bases for example: http://apptools.com/phptools/virtualhost.php – Pekka Sep 30 '11 at 07:18
0

I guess you mean address, not hostname.

if ($_SERVER['REMOTE_ADDR'] !== '192.168.1.77') die(header("Location: /"));

if you really wan't to check the users hostname, use this

if ($_SERVER['REMOTE_HOST'] !== '192.168.1.77') die(header("Location: /"));

More info http://php.net/manual/en/reserved.variables.server.php

Harri
  • 2,692
  • 2
  • 21
  • 25
0

I think this is something you will have to do server side from within your web server's configuration. (.htaccess)

order deny, allow
deny from all
allow from 192.168.1.77
Kenny
  • 5,350
  • 7
  • 29
  • 43