4

I would like to expose a service written in Perl to localhost HTTP requests. I do not want to modify Apache configuration. How to check whether a Perl CGI HTTP request originates from localhost?

I want this check to succeed even if the call is made through a virtual host, e.g. https://www.myserivce.com/hidden/service.pl, given that the call is made from inside www.myserivce.com.

3
  • You haven't explained what problems you ran into when trying to accomplish this. In particular, I don't understand what it is at the moment that's stopping your Perl script from doing this. Commented Oct 11, 2011 at 12:31
  • The problem is that remote_addr() sometimes returns "127.0.0.1" and sometimes some other addresses. Commented Oct 11, 2011 at 12:52
  • Let's see some examples of these results, and the code that obtains them. Commented Oct 11, 2011 at 12:53

3 Answers

10

REMOTE_ADDR, but that's a dumb way to do it because you put the authentication logic in the application.

Instead, bind a stand-alone Web server to the local interface only; thus the operating system's IP/networking stack guarantees that no request from outside can reach the server.


8 Comments

  • And what should I check with REMOTE_ADDR? It returns 127.0.0.1, but sometimes it returns the IP of the interface. (I do not have control over the machine to start a web server.)
  • Check it against localhost IP addresses (in 127.0.0.0/8 and ::1/128, let Net::CIDR::Lite assist you) or the address of the interface. If the test fails, reject the request.
  • Doesn't work - I get a public 194.xx.xx.xx address, even though the request comes from localhost.
  • Yes, I have understood that; also, when you use a hostname which resolves to the IP address of the public interface, that's not really localhost - this word has a specific meaning. Anyway, the word "or" in my previous comment is indeed the Boolean logical or. Apply this information.
  • @agsamek: Your demand for code is offensive. Demonstrate a willingness to learn and to gain understanding, please.
1
+50

I think that if you put an entry in the /etc/hosts file with myservice.com and IP 127.0.0.1, then all the requests from localhost to your site will have REMOTE_ADDR set to 127.0.0.1.

I am afraid that this is the only way to do it, unless you are making requests to 127.0.0.1/hidden/service.pl instead of myservice.com/hidden/service.pl.


0

I have used the following code:

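use Socket qw(inet_ntoa);
use Sys::Hostname qw(hostname);
# $query is the script's CGI object (CGI->new); $server_addr is the IPv4 address the host name resolves to
my $server_addr = inet_ntoa(scalar gethostbyname(hostname() || 'localhost'));
my $call_addr = $query->remote_addr();
die unless $call_addr eq "127.0.0.1" || $call_addr eq $server_addr;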

I do not think it covers all cases, but it seems to work with my setup. If anybody knows a generic solution then please submit it here.
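The check discussed in the answers above (loopback ranges 127.0.0.0/8 and ::1/128, or the server's own interface address), written out as an added example that is not part of any answer on this page. It uses only the core Socket module instead of Net::CIDR::Lite; the function names packed_addr and is_local_request are hypothetical, and it assumes Apache exports SERVER_ADDR to the CGI environment.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_pton AF_INET AF_INET6);

# Normalise a textual address to packed bytes. IPv4-mapped IPv6
# (::ffff:a.b.c.d) is reduced to its 4-byte IPv4 form so both spellings
# compare equal. Returns undef for anything that is not an IP address.
sub packed_addr {
    my ($text) = @_;
    return unless defined $text;
    my $v4 = inet_pton(AF_INET, $text);
    return $v4 if defined $v4;
    my $v6 = inet_pton(AF_INET6, $text);
    return unless defined $v6;
    return substr($v6, 12) if substr($v6, 0, 12) eq ("\0" x 10) . "\xff\xff";
    return $v6;
}

# True if $remote is loopback (127.0.0.0/8 or ::1) or equals one of the
# server's own addresses in @own (assumption: $ENV{SERVER_ADDR} under Apache).
sub is_local_request {
    my ($remote, @own) = @_;
    my $r = packed_addr($remote);
    return 0 unless defined $r;                      # fail closed on garbage
    return 1 if length($r) == 4  && ord($r) == 127;  # 127.0.0.0/8
    return 1 if length($r) == 16 && $r eq ("\0" x 15) . "\x01";  # ::1
    for my $addr (@own) {
        my $o = packed_addr($addr);
        return 1 if defined $o && $o eq $r;          # request to our own IP
    }
    return 0;
}

# Constructed sample inputs; 192.0.2.10 stands in for the public interface.
my $server_addr = '192.0.2.10';
for my $remote (qw(127.0.0.1 127.8.9.1 ::1 ::ffff:127.0.0.1
                   192.0.2.10 198.51.100.7 bogus)) {
    printf "%-18s %s\n", $remote,
        is_local_request($remote, $server_addr) ? 'allow' : 'deny';
}
```

In the CGI script itself, call is_local_request($ENV{REMOTE_ADDR}, $ENV{SERVER_ADDR}) and answer 403 when it returns false. If a reverse proxy on the same host fronts the script, every request appears local, so the check only holds when clients connect to Apache directly.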
