Easy Security for PHP Scripts
Dec 19, 2008 · 1 minute readCategory: phpsecurity
This is post is now quite old and the the information it contains may be out of date or innacurate.
If you find any errors or have any suggestions to update the information please let us know or create a pull request on GitHub
This isn’t bullet proof protection, but it helps.
//IP addresses that you would like to be able to access the system
$allowed_ips[] = '99.99.99.01';
$allowed_ips[] = '99.99.99.02';
$allowed_ips[] = '99.99.99.03';
if(!in_array($_SERVER['REMOTE_ADDR'], $allowed_ips)){
header('HTTP/1.1 500 Internal Server Error');
exit();
}
//Force SSL Usage
if($_SERVER['SERVER_PORT'] != 443){ //assuming your server is running SSL on port 443
$url = "https://".$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
header('Location: '.$url);
}