Only allowing certain websites to access a PHP API


Problem description

I am currently facing the problem of securing an API my clients use on their websites. However, because this API is called by JavaScript, I'm finding it hard to figure out a way to only allow these sites to access the API/URLs.

So how would I go about this? How would I only allow access to these links? Obviously the links could be compromised, but I would like to have a way to deny the script from operating if it hasn't come from a verified site. ATM all I can think of using is the Referrer header, which, as we all know, can be faked. Is there a way I can trace the source of the request? If so, how? Because then I could just check the source of the request and, if it isn't an allowed source, just issue a 403 Forbidden.

Thanks. If you need any more information, please feel free to ask!

Recommended answer

Personally I would build a database table which lists the URLs that you want to allow and also a unique key for each of them, something like

url = http://stackoverflow.com

key = 9fc4c60c2f6b9aaba3a640e5e4b9bc4d

Then use basic auth to authenticate your calls and check the auth headers so that both the URL and the key match on every access.

This obviously depends on how you have built your API, but as a tip, the Slim PHP Framework is a great tool and has a really nice basic auth middleware.

The other way is to have a PHP file which holds an array of all of your allowed sites and then check through this array for each call.
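The allowlist check described in this answer, written out as an added example (not code from the answer's author or from Slim): an array of site URL => key, matched against the HTTP Basic Auth credentials and the browser-supplied Origin header, with a 403 on any mismatch. It assumes the API runs under a SAPI that populates PHP_AUTH_USER/PHP_AUTH_PW (e.g. Apache with mod_php); the site URLs and keys are constructed placeholders.

```php
<?php
// Allowed callers: site URL => per-site key. Constructed placeholder values;
// in the answer's design these rows would come from a database table instead.
$allowedSites = [
    'https://example-client-one.test' => '9fc4c60c2f6b9aaba3a640e5e4b9bc4d',
    'https://example-client-two.test' => 'REPLACE_WITH_A_RANDOM_KEY',
];

/**
 * True when the Basic Auth user (the site URL) is in the allowlist and the
 * password equals that site's key. hash_equals() compares in constant time so
 * a wrong key cannot be narrowed down by measuring response times.
 */
function isAllowedCaller(array $allowedSites, ?string $user, ?string $pass): bool
{
    if ($user === null || $pass === null || !isset($allowedSites[$user])) {
        return false;
    }
    return hash_equals($allowedSites[$user], $pass);
}

/**
 * Browsers attach an Origin header to cross-origin XHR/fetch calls and page
 * scripts cannot change it, unlike the Referer mentioned in the question.
 * It is still not a secret (non-browser clients can send any value), so it
 * is a consistency check on top of the key, not a replacement for it.
 */
function originMatches(string $site, ?string $origin): bool
{
    return $origin !== null && rtrim($origin, '/') === rtrim($site, '/');
}

$user   = $_SERVER['PHP_AUTH_USER'] ?? null;
$pass   = $_SERVER['PHP_AUTH_PW']   ?? null;
$origin = $_SERVER['HTTP_ORIGIN']   ?? null;

header('Content-Type: application/json');

if (!isAllowedCaller($allowedSites, $user, $pass) || !originMatches($user, $origin)) {
    http_response_code(403);
    echo json_encode(['error' => 'forbidden']);
    exit;
}

// Credentialed cross-origin calls only succeed if CORS echoes the exact origin.
header('Access-Control-Allow-Origin: ' . $origin);
header('Access-Control-Allow-Credentials: true');
header('Vary: Origin');

echo json_encode(['ok' => true, 'site' => $user]);
```

Because the key is embedded in each site's client-side JavaScript, it is visible to anyone who loads that page; this check therefore identifies which allowed site a call is attributed to and rejects callers without any key, rather than proving the call came from that site. Rotating a leaked key is just a matter of updating its row.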
