How to Block wp_remote_request() from specific domain?

  • Resolved Giang Le

    (@gianghl1983)


    5 years, 8 months ago

    Hi,

    I make a site selling digital stuff via API key (1key).

    On client site, they will send this request after enter API to my website:

    $url = 'mysite.com/v/1/api-blabla';
$args = array(
			  'headers' => array(
			    'version' => '2.1+',
			    'auth' => md5($APIKey)
			  ),
			  'timeout' => 15,
			);

$result = wp_remote_request($url, $args);
$status = wp_remote_retrieve_response_code($result);

    How can I use Ninja Firewall to Block request from some domains such as (abc.com)…

    Thanks!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    You cannot block a request from a domain name (acb.com) because it is not sent with the HTTP request. Only the domain IP is sent.
    If you want to block a domain, you would need to modify your script, for instance:

    'headers' => array(
   'version' => '2.1+',
   'auth' => md5($APIKey),
   'domain' => home_url('/')
),

    Then your API could verify the value of ‘domain’.

    Thread Starter Giang Le

    (@gianghl1983)

    @nintechnet Thank you! I understood. My problem is that I could not alter $args because it is on clients’ website. Sadly! ??

    Plugin Author nintechnet

    (@nintechnet)

    You can take the connection IP and use the PHP gethostbyaddr function to get the host name. But this is not 100% reliable, because on a shared hosting account, the host name maybe the server name, not the sites hosted on the server because they will all share the same IP.

    Thread Starter Giang Le

    (@gianghl1983)

    @nintechnet Thank you! I will go with IP block.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘How to Block wp_remote_request() from specific domain?’ is closed to new replies.