How to see what source is call my website page PHP












0















I want to know if Its possible to see what resource is calling my website page (PHP file).

I have created an API PHP page which handles JSON POST data and saves it to the DB.

Now I would like to know what resource is calling my PHP page.

As example I'm using POSTMAN to post data to my page.

Is it possible to see that a call came from postman?.

Is that possible to get that information in PHP?






php json api postman







share|improve this question




















  • 2





    Check $_SERVER for all kind of info about request. Just know that it can't be 100% trusted.

    – Justinas
    Nov 22 '18 at 11:27






  • 2





    I think you're referring to user agent?

    – marvinIsSacul
    Nov 22 '18 at 11:29











  • I agree with @Justinas. You can check it in $_SERVER. If request is coming from postman then you will find HTTP_POSTMAN_TOKEN and HTTP_X_POSTMAN_INTERCEPTOR_ID keys in $_SERVER.

    – Hitesh Shrimali
    Nov 22 '18 at 12:13













  • Postman is just an example, I want to know where the call came from

    – user10663763
    Nov 22 '18 at 13:33
















0















I want to know if Its possible to see what resource is calling my website page (PHP file).

I have created an API PHP page which handles JSON POST data and saves it to the DB.

Now I would like to know what resource is calling my PHP page.

As example I'm using POSTMAN to post data to my page.

Is it possible to see that a call came from postman?.

Is that possible to get that information in PHP?






php json api postman







share|improve this question




















  • 2





    Check $_SERVER for all kind of info about request. Just know that it can't be 100% trusted.

    – Justinas
    Nov 22 '18 at 11:27






  • 2





    I think you're referring to user agent?

    – marvinIsSacul
    Nov 22 '18 at 11:29











  • I agree with @Justinas. You can check it in $_SERVER. If request is coming from postman then you will find HTTP_POSTMAN_TOKEN and HTTP_X_POSTMAN_INTERCEPTOR_ID keys in $_SERVER.

    – Hitesh Shrimali
    Nov 22 '18 at 12:13













  • Postman is just an example, I want to know where the call came from

    – user10663763
    Nov 22 '18 at 13:33














0












0








0








I want to know if Its possible to see what resource is calling my website page (PHP file).

I have created an API PHP page which handles JSON POST data and saves it to the DB.

Now I would like to know what resource is calling my PHP page.

As example I'm using POSTMAN to post data to my page.

Is it possible to see that a call came from postman?.

Is that possible to get that information in PHP?






php json api postman







share|improve this question
















I want to know if Its possible to see what resource is calling my website page (PHP file).

I have created an API PHP page which handles JSON POST data and saves it to the DB.

Now I would like to know what resource is calling my PHP page.

As example I'm using POSTMAN to post data to my page.

Is it possible to see that a call came from postman?.

Is that possible to get that information in PHP?






php json api postman




php json api postman






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 22 '18 at 12:00









Nedko Dimitrov

488515




488515










asked Nov 22 '18 at 11:23









user10663763user10663763

82




82








  • 2





    Check $_SERVER for all kind of info about request. Just know that it can't be 100% trusted.

    – Justinas
    Nov 22 '18 at 11:27






  • 2





    I think you're referring to user agent?

    – marvinIsSacul
    Nov 22 '18 at 11:29











  • I agree with @Justinas. You can check it in $_SERVER. If request is coming from postman then you will find HTTP_POSTMAN_TOKEN and HTTP_X_POSTMAN_INTERCEPTOR_ID keys in $_SERVER.

    – Hitesh Shrimali
    Nov 22 '18 at 12:13













  • Postman is just an example, I want to know where the call came from

    – user10663763
    Nov 22 '18 at 13:33














  • 2





    Check $_SERVER for all kind of info about request. Just know that it can't be 100% trusted.

    – Justinas
    Nov 22 '18 at 11:27






  • 2





    I think you're referring to user agent?

    – marvinIsSacul
    Nov 22 '18 at 11:29











  • I agree with @Justinas. You can check it in $_SERVER. If request is coming from postman then you will find HTTP_POSTMAN_TOKEN and HTTP_X_POSTMAN_INTERCEPTOR_ID keys in $_SERVER.

    – Hitesh Shrimali
    Nov 22 '18 at 12:13













  • Postman is just an example, I want to know where the call came from

    – user10663763
    Nov 22 '18 at 13:33








2




2





Check $_SERVER for all kind of info about request. Just know that it can't be 100% trusted.

– Justinas
Nov 22 '18 at 11:27





Check $_SERVER for all kind of info about request. Just know that it can't be 100% trusted.

– Justinas
Nov 22 '18 at 11:27




2




2





I think you're referring to user agent?

– marvinIsSacul
Nov 22 '18 at 11:29





I think you're referring to user agent?

– marvinIsSacul
Nov 22 '18 at 11:29













I agree with @Justinas. You can check it in $_SERVER. If request is coming from postman then you will find HTTP_POSTMAN_TOKEN and HTTP_X_POSTMAN_INTERCEPTOR_ID keys in $_SERVER.

– Hitesh Shrimali
Nov 22 '18 at 12:13







I agree with @Justinas. You can check it in $_SERVER. If request is coming from postman then you will find HTTP_POSTMAN_TOKEN and HTTP_X_POSTMAN_INTERCEPTOR_ID keys in $_SERVER.

– Hitesh Shrimali
Nov 22 '18 at 12:13















Postman is just an example, I want to know where the call came from

– user10663763
Nov 22 '18 at 13:33





Postman is just an example, I want to know where the call came from

– user10663763
Nov 22 '18 at 13:33












1 Answer
1






active

oldest

votes


















0














You can know some things about the request, for example:



1) IP address:



// Read the IP from who is really making the request (a user or a proxy)

$ipAddress = $_SERVER['REMOTE_ADDR'];

// Read the IP that the proxy is telling us making the request.

$ipAddress = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';


If the source of the request is behind a proxy, $_SERVER['REMOTE_ADDR'] will have the IP of the proxy, so you can check the HTTP_X_FORWARDED_FOR header but can be easily spoofed, unless you have control of the proxy or is a trusted proxy.



2) User Agent:



// Using global $_SERVER

$userAgent = $_SERVER['HTTP_USER_AGENT'];



// Using get_browser function you can get an array with the information

$arrayBrowserInfo = get_browser($userAgent, true);


The User Agent is easily spoofed too, so you can't trust it's the correct one.



3) Referer:



$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';


The referer header is optional and no many browsers send to the XHR Requests.



If you are building an API, depending the use case may you can ask for a mandatory header or parameter in order to tell you more information of who is doing the request (Android App, iOS App, Website, etc.) Obviously, that can be easily spoofed.



So i don't recommend that using for security validations, but if you only want to know in order to log the calls for debug, may be useful.






share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53429885%2fhow-to-see-what-source-is-call-my-website-page-php%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    You can know some things about the request, for example:



    1) IP address:



    // Read the IP from who is really making the request (a user or a proxy)
    
$ipAddress = $_SERVER['REMOTE_ADDR'];
    
// Read the IP that the proxy is telling us making the request.
    
$ipAddress = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';


    If the source of the request is behind a proxy, $_SERVER['REMOTE_ADDR'] will have the IP of the proxy, so you can check the HTTP_X_FORWARDED_FOR header but can be easily spoofed, unless you have control of the proxy or is a trusted proxy.



    2) User Agent:



    // Using global $_SERVER
    
$userAgent = $_SERVER['HTTP_USER_AGENT'];
    

    
// Using get_browser function you can get an array with the information
    
$arrayBrowserInfo = get_browser($userAgent, true);


    The User Agent is easily spoofed too, so you can't trust it's the correct one.



    3) Referer:



    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';


    The referer header is optional and no many browsers send to the XHR Requests.



    If you are building an API, depending the use case may you can ask for a mandatory header or parameter in order to tell you more information of who is doing the request (Android App, iOS App, Website, etc.) Obviously, that can be easily spoofed.



    So i don't recommend that using for security validations, but if you only want to know in order to log the calls for debug, may be useful.






    share|improve this answer




























      0














      You can know some things about the request, for example:



      1) IP address:



      // Read the IP from who is really making the request (a user or a proxy)
      
$ipAddress = $_SERVER['REMOTE_ADDR'];
      
// Read the IP that the proxy is telling us making the request.
      
$ipAddress = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';


      If the source of the request is behind a proxy, $_SERVER['REMOTE_ADDR'] will have the IP of the proxy, so you can check the HTTP_X_FORWARDED_FOR header but can be easily spoofed, unless you have control of the proxy or is a trusted proxy.



      2) User Agent:



      // Using global $_SERVER
      
$userAgent = $_SERVER['HTTP_USER_AGENT'];
      

      
// Using get_browser function you can get an array with the information
      
$arrayBrowserInfo = get_browser($userAgent, true);


      The User Agent is easily spoofed too, so you can't trust it's the correct one.



      3) Referer:



      $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';


      The referer header is optional and no many browsers send to the XHR Requests.



      If you are building an API, depending the use case may you can ask for a mandatory header or parameter in order to tell you more information of who is doing the request (Android App, iOS App, Website, etc.) Obviously, that can be easily spoofed.



      So i don't recommend that using for security validations, but if you only want to know in order to log the calls for debug, may be useful.






      share|improve this answer


























        0












        0








        0







        You can know some things about the request, for example:



        1) IP address:



        // Read the IP from who is really making the request (a user or a proxy)
        
$ipAddress = $_SERVER['REMOTE_ADDR'];
        
// Read the IP that the proxy is telling us making the request.
        
$ipAddress = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';


        If the source of the request is behind a proxy, $_SERVER['REMOTE_ADDR'] will have the IP of the proxy, so you can check the HTTP_X_FORWARDED_FOR header but can be easily spoofed, unless you have control of the proxy or is a trusted proxy.



        2) User Agent:



        // Using global $_SERVER
        
$userAgent = $_SERVER['HTTP_USER_AGENT'];
        

        
// Using get_browser function you can get an array with the information
        
$arrayBrowserInfo = get_browser($userAgent, true);


        The User Agent is easily spoofed too, so you can't trust it's the correct one.



        3) Referer:



        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';


        The referer header is optional and no many browsers send to the XHR Requests.



        If you are building an API, depending the use case may you can ask for a mandatory header or parameter in order to tell you more information of who is doing the request (Android App, iOS App, Website, etc.) Obviously, that can be easily spoofed.



        So i don't recommend that using for security validations, but if you only want to know in order to log the calls for debug, may be useful.






        share|improve this answer













        You can know some things about the request, for example:



        1) IP address:



        // Read the IP from who is really making the request (a user or a proxy)
        
$ipAddress = $_SERVER['REMOTE_ADDR'];
        
// Read the IP that the proxy is telling us making the request.
        
$ipAddress = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : '';


        If the source of the request is behind a proxy, $_SERVER['REMOTE_ADDR'] will have the IP of the proxy, so you can check the HTTP_X_FORWARDED_FOR header but can be easily spoofed, unless you have control of the proxy or is a trusted proxy.



        2) User Agent:



        // Using global $_SERVER
        
$userAgent = $_SERVER['HTTP_USER_AGENT'];
        

        
// Using get_browser function you can get an array with the information
        
$arrayBrowserInfo = get_browser($userAgent, true);


        The User Agent is easily spoofed too, so you can't trust it's the correct one.



        3) Referer:



        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';


        The referer header is optional and no many browsers send to the XHR Requests.



        If you are building an API, depending the use case may you can ask for a mandatory header or parameter in order to tell you more information of who is doing the request (Android App, iOS App, Website, etc.) Obviously, that can be easily spoofed.



        So i don't recommend that using for security validations, but if you only want to know in order to log the calls for debug, may be useful.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 22 '18 at 21:31









        Leandro FerreroLeandro Ferrero

        734




        734






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53429885%2fhow-to-see-what-source-is-call-my-website-page-php%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Costa Masnaga

            Image
            .mw-parser-output .avviso .mbox-text-div>div,.mw-parser-output .avviso .mbox-text-full-div>div{font-size:90%}.mw-parser-output .avviso .mbox-image div{width:52px}.mw-parser-output .avviso .mbox-text-full-div .hide-when-compact{display:block} Questa voce o sezione sull'argomento Lombardia non cita le fonti necessarie o quelle presenti sono insufficienti . Puoi migliorare questa voce aggiungendo citazioni da fonti attendibili secondo le linee guida sull'uso delle fonti. Segui i suggerimenti del progetto di riferimento. Costa Masnaga comune Localizzazione Stato   Italia Regione Lombardia Provincia Lecco Amministrazione Sindaco Sabina Panzeri (Al centro il cittadino) dall'08/06/2009 Territorio Coordinate 45°46′N 9°17′E  /  45.766667°N 9.283333°E 45.766667; 9.283333  ( Costa Masnaga ) Coordinate: 45°46′N 9°17′E  /  45.766667°N 9.283333°E 45.766667; 9.283333  ( Costa Masnaga ) Altitudine 318 m s.l.m...
            Read more

            Fotorealismo

            Image
            Guerrino Boatto, Venice's St. Barnaba Church and canal Il fotorealismo è un genere di pittura basato sull'uso di una o più fotografie dalle quali l'artista prende le informazioni necessarie da utilizzare poi nel processo della creazione dell'opera, in genere ad olio o ad acrilico, al fine di avere un aspetto finale il più simile possibile alla fotografia. Indice 1 Storia 2 Lista dei fotorealisti 3 Note 4 Voci correlate 5 Altri progetti Storia | Il fotorealismo è un movimento che nasce negli Stati Uniti d'America alla fine degli anni sessanta [1] sulla scia della Pop Art [2] [3] [4] , e insieme condividono il carattere reazionario verso la travolgente ascesa dei media, che alla metà del ventesimo secolo si trasforma in un fenomeno di massa talmente imponente da minacciare il valore dell'immagine nell'arte. [5] [6] Ne consegue così che, colto il gesto d'inizio che fu della Pop Art, i fotorealisti aprono ad un ...
            Read more

            Sidney Franklin

            Image
            Questa voce sull'argomento registi statunitensi è solo un abbozzo . Contribuisci a migliorarla secondo le convenzioni di Wikipedia. Sidney Franklin, foto di Carl Van Vechten Oscar alla memoria Irving G. Thalberg 1943 Sidney Franklin , all'anagrafe Sidney Arnold Franklin , (San Francisco, 21 marzo 1893 – Santa Monica, 18 maggio 1972), è stato un regista, produttore cinematografico e attore statunitense. Il 20 giugno 1963, si sposò con l'attrice australiana Enid Bennett. Il matrimonio durò fino alla morte dell'attrice, il 14 maggio 1969 [1] Indice 1 Filmografia 1.1 Regista 1.2 Aiuto regia (parziale) 1.3 Produttore 1.4 Attore (parziale) 2 Note 3 Altri progetti 4 Collegamenti esterni Filmografia | Regista | The Baby , co-regia Chester M. Franklin (1915) The Rivals , co-regia Chester M. Franklin (1915) Little Dick's First Case , co-regia Chester M. Franklin (1915) Her Filmland Hero , co-...
            Read more