[OT] Who is requesting the page?

jacques has asked for the wisdom of the Perl Monks concerning the following question:

Recently I needed to tell if the client, who was requesting a page, was on the same machine as the server itself.

I was constructing a link such as "a href="/usr/bin"

And I wanted the link to work, but only if the client and server were on the same machine. So I thought one way of checking would be to compare the remote and server addresses in the environment variables. If they matched, then I could generate the link in my CGI script to display on an HTML page. Otherwise, I would leave out the link.

Are there better ways of doing this?

Comment on [OT] Who is requesting the page?

Replies are listed 'Best First'.
Re: [OT] Who is requesting the page? by simonm (Vicar) on Jul 17, 2005 at 23:31 UTC
No, I think comparing IP addresses is the only way to determine this.	[reply]
Re: [OT] Who is requesting the page? by graff (Chancellor) on Jul 18, 2005 at 02:51 UTC
You might want to try putting up a little "hello world" type of cgi script that happens to include the result of $cgi->remote_host() in the page content that it displays. If the http client is running on the same host as the server, you might get "localhost", or you might get "127.0.0.1" or you might get something else. Just try it and see.	[reply]
Re: [OT] Who is requesting the page? by greenFox (Vicar) on Jul 18, 2005 at 06:43 UTC
Possibly an overly paranoid approach but the way I would do this is to create a file on the server (outside of the webserved directory tree) with some content and record its md5 sum. Then in your CGI script check for the existence of that file and that the md5 sum is correct. -- Murray Barton Do not seek to follow in the footsteps of the wise. Seek what they sought. -Basho	[reply]
Re^2: [OT] Who is requesting the page? by jacques (Priest) on Jul 18, 2005 at 16:52 UTC
That's a great idea. Thanks.	[reply]
Re: [OT] Who is requesting the page? by waswas-fng (Curate) on Jul 18, 2005 at 04:28 UTC
Well you need to account for all IP addresses on the local system. On many unix hosts you can see many IP's (even per interface) and of course loopback (127.0.0.x). Depending on the config and what ip they browse to to get on the site their ip address will be different. -Waswas	[reply]
Re: [OT] Who is requesting the page? by TedPride (Priest) on Jul 18, 2005 at 06:38 UTC
Why are you trying to do this exactly? It sounds inherently dangerous, since IP addresses can be spoofed. I hope you have some sort of secondary security system in place, since IP spoofing is the first thing I'd try if I were going to mess with a site.	[reply]
Re^2: [OT] Who is requesting the page? by waswas-fng (Curate) on Jul 18, 2005 at 19:02 UTC
The thing is, the HTML he is producing executes /usr/bin/ (i assume on his platform it opens a file explorer) from the local machine (ie the machine that is running the browser). There is no security risk. -Waswas	[reply]

Back to Seekers of Perl Wisdom