保护接收贝宝IPN通知的PHP脚本 [英] Protect php script that receive paypal IPN notifications

问题描述

在我的网站中，我集成了一个php脚本，该脚本可接收IPN通知并将许可证密钥发送给客户.该脚本与php脚本所需的其他2个php文件位于一个文件夹中...如何保护此文件夹?如果我在其中放置.htaccess并带有:

In my website, I've integrated a php script that receive an IPN notification and send a license key to the customer. This script is in a folder with other 2 php files required by the php script... How can I protect this folder? If I place in it an .htaccess with:

order allow,deny
deny from all

我也阻止了贝宝的通知.

I block the paypal notifications too.

我如何保护它?我需要吗?

How can I protect it? Do I need to?

推荐答案

您可以安全地将对IPN脚本的访问权限仅限制为以下IP地址列表:

You can safely limit access to your IPN script only to the following list of IP addresses:

216.113.188.202
216.113.188.203
216.113.188.204
66.211.170.66

这可以通过以下方式完成:

This can be done in the following way:

if (!in_array($_SERVER['REMOTE_ADDR'],array('216.113.188.202','216.113.188.203','216.113.188.204','66.211.170.66')) {
header("HTTP/1.0 404 Not Found");
exit();
}

通过这种方式，只有Paypal才能访问IPN脚本.

In this way ONLY Paypal will be able to access the IPN script.

此IP地址列表多年来一直相当稳定.如果贝宝(Paypal)添加了新地址，则可以将报告添加到电子邮件中，并手动检查此类情况.

This list of IP address has been rather stable for years. In case if Paypal adds a new address, you can add reporting to email and review such cases manually.

这篇关于保护接收贝宝IPN通知的PHP脚本的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！