How to see what source is call my website page PHP












0















I want to know if Its possible to see what resource is calling my website page (PHP file).

I have created an API PHP page which handles JSON POST data and saves it to the DB.

Now I would like to know what resource is calling my PHP page.

As example I'm using POSTMAN to post data to my page.

Is it possible to see that a call came from postman?.

Is that possible to get that information in PHP?






php json api postman







share|improve this question




















  • 2





    Check $_SERVER for all kind of info about request. Just know that it can't be 100% trusted.

    – Justinas
    Nov 22 '18 at 11:27






  • 2





    I think you're referring to user agent?

    – marvinIsSacul
    Nov 22 '18 at 11:29











  • I agree with @Justinas. You can check it in $_SERVER. If request is coming from postman then you will find HTTP_POSTMAN_TOKEN and HTTP_X_POSTMAN_INTERCEPTOR_ID keys in $_SERVER.

    – Hitesh Shrimali
    Nov 22 '18 at 12:13













  • Postman is just an example, I want to know where the call came from

    – user10663763
    Nov 22 '18 at 13:33
















0















I want to know if Its possible to see what resource is calling my website page (PHP file).

I have created an API PHP page which handles JSON POST data and saves it to the DB.

Now I would like to know what resource is calling my PHP page.

As example I'm using POSTMAN to post data to my page.

Is it possible to see that a call came from postman?.

Is that possible to get that information in PHP?






php json api postman







share|improve this question




















  • 2





    Check $_SERVER for all kind of info about request. Just know that it can't be 100% trusted.

    – Justinas
    Nov 22 '18 at 11:27






  • 2





    I think you're referring to user agent?

    – marvinIsSacul
    Nov 22 '18 at 11:29











  • I agree with @Justinas. You can check it in $_SERVER. If request is coming from postman then you will find HTTP_POSTMAN_TOKEN and HTTP_X_POSTMAN_INTERCEPTOR_ID keys in $_SERVER.

    – Hitesh Shrimali
    Nov 22 '18 at 12:13













  • Postman is just an example, I want to know where the call came from

    – user10663763
    Nov 22 '18 at 13:33














0












0








0








I want to know if Its possible to see what resource is calling my website page (PHP file).

I have created an API PHP page which handles JSON POST data and saves it to the DB.

Now I would like to know what resource is calling my PHP page.

As example I'm using POSTMAN to post data to my page.

Is it possible to see that a call came from postman?.

Is that possible to get that information in PHP?






php json api postman







share|improve this question
















I want to know if Its possible to see what resource is calling my website page (PHP file).

I have created an API PHP page which handles JSON POST data and saves it to the DB.

Now I would like to know what resource is calling my PHP page.

As example I'm using POSTMAN to post data to my page.

Is it possible to see that a call came from postman?.

Is that possible to get that information in PHP?






php json api postman




php json api postman






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 22 '18 at 12:00









Nedko Dimitrov

488515




488515










asked Nov 22 '18 at 11:23









user10663763user10663763

82




82








  • 2





    Check $_SERVER for all kind of info about request. Just know that it can't be 100% trusted.

    – Justinas
    Nov 22 '18 at 11:27






  • 2





    I think you're referring to user agent?

    – marvinIsSacul
    Nov 22 '18 at 11:29











  • I agree with @Justinas. You can check it in $_SERVER. If request is coming from postman then you will find HTTP_POSTMAN_TOKEN and HTTP_X_POSTMAN_INTERCEPTOR_ID keys in $_SERVER.

    – Hitesh Shrimali
    Nov 22 '18 at 12:13













  • Postman is just an example, I want to know where the call came from

    – user10663763
    Nov 22 '18 at 13:33














  • 2





    Check $_SERVER for all kind of info about request. Just know that it can't be 100% trusted.

    – Justinas
    Nov 22 '18 at 11:27






  • 2





    I think you're referring to user agent?

    – marvinIsSacul
    Nov 22 '18 at 11:29











  • I agree with @Justinas. You can check it in $_SERVER. If request is coming from postman then you will find HTTP_POSTMAN_TOKEN and HTTP_X_POSTMAN_INTERCEPTOR_ID keys in $_SERVER.

    – Hitesh Shrimali
    Nov 22 '18 at 12:13













  • Postman is just an example, I want to know where the call came from

    – user10663763
    Nov 22 '18 at 13:33








2




2





Check $_SERVER for all kind of info about request. Just know that it can't be 100% trusted.

– Justinas
Nov 22 '18 at 11:27





Check $_SERVER for all kind of info about request. Just know that it can't be 100% trusted.

– Justinas
Nov 22 '18 at 11:27




2




2





I think you're referring to user agent?

– marvinIsSacul
Nov 22 '18 at 11:29





I think you're referring to user agent?

– marvinIsSacul
Nov 22 '18 at 11:29













I agree with @Justinas. You can check it in $_SERVER. If request is coming from postman then you will find HTTP_POSTMAN_TOKEN and HTTP_X_POSTMAN_INTERCEPTOR_ID keys in $_SERVER.

– Hitesh Shrimali
Nov 22 '18 at 12:13







I agree with @Justinas. You can check it in $_SERVER. If request is coming from postman then you will find HTTP_POSTMAN_TOKEN and HTTP_X_POSTMAN_INTERCEPTOR_ID keys in $_SERVER.

– Hitesh Shrimali
Nov 22 '18 at 12:13















Postman is just an example, I want to know where the call came from

– user10663763
Nov 22 '18 at 13:33





Postman is just an example, I want to know where the call came from

– user10663763
Nov 22 '18 at 13:33












1 Answer
1






active

oldest

votes


















0














You can know some things about the request, for example:



1) IP address:



// Read the IP from who is really making the request (a user or a proxy)

$ipAddress = $_SERVER['REMOTE_ADDR'];

// Read the IP that the proxy is telling us making the request.

$ipAddress = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';


If the source of the request is behind a proxy, $_SERVER['REMOTE_ADDR'] will have the IP of the proxy, so you can check the HTTP_X_FORWARDED_FOR header but can be easily spoofed, unless you have control of the proxy or is a trusted proxy.



2) User Agent:



// Using global $_SERVER

$userAgent = $_SERVER['HTTP_USER_AGENT'];



// Using get_browser function you can get an array with the information

$arrayBrowserInfo = get_browser($userAgent, true);


The User Agent is easily spoofed too, so you can't trust it's the correct one.



3) Referer:



$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';


The referer header is optional and no many browsers send to the XHR Requests.



If you are building an API, depending the use case may you can ask for a mandatory header or parameter in order to tell you more information of who is doing the request (Android App, iOS App, Website, etc.) Obviously, that can be easily spoofed.



So i don't recommend that using for security validations, but if you only want to know in order to log the calls for debug, may be useful.






share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53429885%2fhow-to-see-what-source-is-call-my-website-page-php%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    You can know some things about the request, for example:



    1) IP address:



    // Read the IP from who is really making the request (a user or a proxy)
    
$ipAddress = $_SERVER['REMOTE_ADDR'];
    
// Read the IP that the proxy is telling us making the request.
    
$ipAddress = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';


    If the source of the request is behind a proxy, $_SERVER['REMOTE_ADDR'] will have the IP of the proxy, so you can check the HTTP_X_FORWARDED_FOR header but can be easily spoofed, unless you have control of the proxy or is a trusted proxy.



    2) User Agent:



    // Using global $_SERVER
    
$userAgent = $_SERVER['HTTP_USER_AGENT'];
    

    
// Using get_browser function you can get an array with the information
    
$arrayBrowserInfo = get_browser($userAgent, true);


    The User Agent is easily spoofed too, so you can't trust it's the correct one.



    3) Referer:



    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';


    The referer header is optional and no many browsers send to the XHR Requests.



    If you are building an API, depending the use case may you can ask for a mandatory header or parameter in order to tell you more information of who is doing the request (Android App, iOS App, Website, etc.) Obviously, that can be easily spoofed.



    So i don't recommend that using for security validations, but if you only want to know in order to log the calls for debug, may be useful.






    share|improve this answer




























      0














      You can know some things about the request, for example:



      1) IP address:



      // Read the IP from who is really making the request (a user or a proxy)
      
$ipAddress = $_SERVER['REMOTE_ADDR'];
      
// Read the IP that the proxy is telling us making the request.
      
$ipAddress = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';


      If the source of the request is behind a proxy, $_SERVER['REMOTE_ADDR'] will have the IP of the proxy, so you can check the HTTP_X_FORWARDED_FOR header but can be easily spoofed, unless you have control of the proxy or is a trusted proxy.



      2) User Agent:



      // Using global $_SERVER
      
$userAgent = $_SERVER['HTTP_USER_AGENT'];
      

      
// Using get_browser function you can get an array with the information
      
$arrayBrowserInfo = get_browser($userAgent, true);


      The User Agent is easily spoofed too, so you can't trust it's the correct one.



      3) Referer:



      $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';


      The referer header is optional and no many browsers send to the XHR Requests.



      If you are building an API, depending the use case may you can ask for a mandatory header or parameter in order to tell you more information of who is doing the request (Android App, iOS App, Website, etc.) Obviously, that can be easily spoofed.



      So i don't recommend that using for security validations, but if you only want to know in order to log the calls for debug, may be useful.






      share|improve this answer


























        0












        0








        0







        You can know some things about the request, for example:



        1) IP address:



        // Read the IP from who is really making the request (a user or a proxy)
        
$ipAddress = $_SERVER['REMOTE_ADDR'];
        
// Read the IP that the proxy is telling us making the request.
        
$ipAddress = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';


        If the source of the request is behind a proxy, $_SERVER['REMOTE_ADDR'] will have the IP of the proxy, so you can check the HTTP_X_FORWARDED_FOR header but can be easily spoofed, unless you have control of the proxy or is a trusted proxy.



        2) User Agent:



        // Using global $_SERVER
        
$userAgent = $_SERVER['HTTP_USER_AGENT'];
        

        
// Using get_browser function you can get an array with the information
        
$arrayBrowserInfo = get_browser($userAgent, true);


        The User Agent is easily spoofed too, so you can't trust it's the correct one.



        3) Referer:



        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';


        The referer header is optional and no many browsers send to the XHR Requests.



        If you are building an API, depending the use case may you can ask for a mandatory header or parameter in order to tell you more information of who is doing the request (Android App, iOS App, Website, etc.) Obviously, that can be easily spoofed.



        So i don't recommend that using for security validations, but if you only want to know in order to log the calls for debug, may be useful.






        share|improve this answer













        You can know some things about the request, for example:



        1) IP address:



        // Read the IP from who is really making the request (a user or a proxy)
        
$ipAddress = $_SERVER['REMOTE_ADDR'];
        
// Read the IP that the proxy is telling us making the request.
        
$ipAddress = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';


        If the source of the request is behind a proxy, $_SERVER['REMOTE_ADDR'] will have the IP of the proxy, so you can check the HTTP_X_FORWARDED_FOR header but can be easily spoofed, unless you have control of the proxy or is a trusted proxy.



        2) User Agent:



        // Using global $_SERVER
        
$userAgent = $_SERVER['HTTP_USER_AGENT'];
        

        
// Using get_browser function you can get an array with the information
        
$arrayBrowserInfo = get_browser($userAgent, true);


        The User Agent is easily spoofed too, so you can't trust it's the correct one.



        3) Referer:



        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';


        The referer header is optional and no many browsers send to the XHR Requests.



        If you are building an API, depending the use case may you can ask for a mandatory header or parameter in order to tell you more information of who is doing the request (Android App, iOS App, Website, etc.) Obviously, that can be easily spoofed.



        So i don't recommend that using for security validations, but if you only want to know in order to log the calls for debug, may be useful.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 22 '18 at 21:31









        Leandro FerreroLeandro Ferrero

        734




        734






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53429885%2fhow-to-see-what-source-is-call-my-website-page-php%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Create new schema in PostgreSQL using DBeaver

            Image
            0 At the beginning of my current job I had limited access to DB but recently my role is changed to superuser, admin, and owner. My colleague who was the previous DB admin is able to create a schema or change the permissions as there is a permission tab in the properties and he can change permissions by clicking easily. Would you please let me know how I can create schema and change permissions as well? Why his dbeaver looks different from me? He can easily right click on the schema folder on top of all schemas on the left side column and select create new schema while I do not have that, like the following picture I found on the internet. postgresql database-schema dbeaver share | improve this question
            Read more

            Deepest pit of an array with Javascript: test on Codility

            Image
            0 $begingroup$ This is the question from a Codility test, as a task in an interview: DeepestPit - problem description A non-empty zero-indexed array A consisting of N integers is given. A pit in this array is any triplet of integers (P, Q, R) such that: ·         0 ≤ P < Q < R < N; ·         sequence [A[P], A[P+1], ..., A[Q]] is strictly decreasing, i.e. A[P] > A[P+1] > ... > A[Q]; ·         sequence A[Q], A[Q+1], ..., A[R] is strictly increasing, i.e. A[Q] < A[Q+1] < ... < A[R]. The depth of a pit (P, Q, R) is the number min {A[P] − A[Q], A[R] − A[Q]}. For example, consider array A consisting of 10 elements such that: A[0] = 0 A[1] = 1 A[2] = 3 A[3] = -2 A[4] = 0 A[5] = 1 A[6] = 0 A[7] = -3 A[8] = 2 A[9] = 3 Triplet (2, 3, 4) is
            Read more

            Costa Masnaga

            Image
            .mw-parser-output .avviso .mbox-text-div>div,.mw-parser-output .avviso .mbox-text-full-div>div{font-size:90%}.mw-parser-output .avviso .mbox-image div{width:52px}.mw-parser-output .avviso .mbox-text-full-div .hide-when-compact{display:block} Questa voce o sezione sull'argomento Lombardia non cita le fonti necessarie o quelle presenti sono insufficienti . Puoi migliorare questa voce aggiungendo citazioni da fonti attendibili secondo le linee guida sull'uso delle fonti. Segui i suggerimenti del progetto di riferimento. Costa Masnaga comune Localizzazione Stato   Italia Regione Lombardia Provincia Lecco Amministrazione Sindaco Sabina Panzeri (Al centro il cittadino) dall'08/06/2009 Territorio Coordinate 45°46′N 9°17′E  /  45.766667°N 9.283333°E 45.766667; 9.283333  ( Costa Masnaga ) Coordinate: 45°46′N 9°17′E  /  45.766667°N 9.283333°E 45.766667; 9.283333  ( Costa Masnaga ) Altitudine 318 m s.l.m
            Read more