Working on a data collection application using mobile sms.
when a customer send a sms lets say
SMS content
Demo CET 100-50030-2320-1000
when the sms reach the mobile serive provider it send a GET request on my server
http://domainname.com/demo.aspx?mno=9828958745&sms=CET+100-50030-2320-1000
Now the problem is some hackers are sending GET request from there PC browser and all the data is getting missed and server is getting overload
I want to know which request is from a computer(mobile server) and which are from browser.
thanks in advance
Regards
Check if the request for a page is coming from a server not a browser.
If your service is not meant to be accessible publicly you have to protect it instead of publishing it on the internet. Some wasy to protect it:
HTTP Authentication
IP restrictions in firewall.
IP restrictions in the service.
Virtual Private Network.
Related
I am not sure the title of the posting truly describes my issue but here is what's happening, in more details. I have an ASP.Net MVC application that redirects to a page hosted in an external system. This external hosted page is used to enter the details of a credit card in order to process a payment. Once the payment is processed, the hosted payment page is sending an HTTP POST to a webhook URL which was provided by me, when the transfer to the HPP was made. I have a Web API controller in my ASP.Net MVC application and this will be used to receive the webhook call. Now, to test it while I am running everything locally, I had to use ngrok to create a private tunnel between the HPP and my local Web API endpoint.
I have a breakpoint in my Web API controller and I am getting the data sent by the HPP, data that contains details about the approved payment. The controller responds with an HTTP 200 which I see it in the ngrok console:
For some reasons, this HTTP 200 is not propagated back to the HPP which should display a back button to yield control back to my web application where we all started in the first place. Instead, the browser is directed to an URL which is the exact URL for the webhook, the one that was provided when the transfer to the HPP is made:
Any idea why this is happening? Is the ngrok not returning the HTTP 200 back to the caller, which is the hosted payment page?
Any suggestions would be greatly appreciated.
TIA,
Eddie
Turns out that this is not an issue with ngrok. The remote Hosted Payment Page (HPP) is not sending an HTTP POST to a RESTful endpoint, as I erroneously assumed. Insted it is returning to a specified URL and sends the response as hidden fields.
So if anyone is ever facing the same situation, please make sure you understand exactly the behaviour of the remote server. This could send the response as an HTTP POST sent to a specified URL or could yield the control back to your application by means of navigation where the response is send as hidden fields (HTTP POST with content of type "application/x-www-form-urlencoded").
I'm building an API with Rails that is going to receive HTTP requests from other sites.
Every time a new request is issued, I need to know in my app if this site has already sent this request. So, I'm wondering if there is a way to uniquely identify the site sending the request. I'm thinking of using request.remote_ip however if the site is on a shared hosting, it would share the same IP address with other sites.
Is there any other way to identify the remote origin?
If the request is issued from an API client then the IP is all you have that you can (somewhat) rely on.
And as you mentioned this is not really unique (proxy, shared hosting, ...).
If I have a link in an MVC application hosted on Azure:
Call web service
At the moment we are having difficulty connecting to the URL, which is a SOAP web service. We get an error 'site cannot be reached'.
Just to rule something out - what IP address would the service see this request coming from - my local (browser) or the server?
The request would come from your IP.
We have used Erlang/Cowboy to develop a simple chatting service based on WebSockets. Right now, We are using localhost:8080 to connect server.
I want to do user authentication, that will be done based on the URL parameter, and it will return user id or none for the connection.
How to do that?
Before the websocket exchange, you can ask a token to your application and use it with your websocket client.
I am investigating the possibility of integrating Box API calls from an internal application that sits behind our firewall (it is not exposed to the outside world).
So the question is, if we fire off an authentication request to Box with a callback URI, does Box post back directly to the specified call back URI (so essentially its initiating a new request from Box to the client), or does it send a request back to the client who made the request (standard HTTP request/response), and expect the client to redirect to the call back URI with the tokens?
This might sound an odd question, but during my investigation it appears this is how the Twitter OAUTH protocol works, and if so would help us a lot as we don't want to open up the firewall to the outside world.
See here for info: https://dev.twitter.com/discussions/5801
EDIT: Just found this which seems to suggest that the client will always initiate the request, never the server: https://stackoverflow.com/a/6116736/811108
Many thanks in advance.
A typical user journey for OAuth on Box would like like this:
User's browser requests www.someboxapp.com and the user clicks a login button
User's browser requests the Box authentication URL which begins with https://www.box.com/api/oauth2/authorize
User authenticates on the Box authorize webpage and then the Box site sends a 302 redirect header back to the users browser. This header tells the user's browser to request the the redirect_uri configured by www.someboxapp.com
User's browser requests the redirect URL on www.someboxapp.com - e.g. http://www.someboxapp.com/oauth/redirect_uri
The Box Application running on www.someboxapp.com makes a POST request to https://www.box.com/api/oauth2/token to complete the authentication and get an access token for using the Box API on behalf of the user.
What this means is that if you are running a Box web app on your internal network - you need to make sure that the webserver running the application and the users' machines can connect to https://www.box.com/api/oauth2/
If www.someboxapp.com only exists on your local network - that is fine - the Box API does not need to connect to this host.