Laravel White List Domain Authentication

I am looking for a better way to allow certain domains access to my Laravel application. I am currently using Laravel 5.1 and using Middleware to redirect if the referenced domain is not in the white list domains.

<?php

namespace App\Http\Middleware;

use Cache;
use Closure;
use App\WhiteListDomains; // model namespace assumed (Laravel 5.1 default)

class Whitelist {

    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        // Referer header of the request (client-supplied, may be absent)
        $referer = $request->server('HTTP_REFERER');

        // Parse the URL to get the host to match against the table
        $host = parse_url((string) $referer, PHP_URL_HOST);
        // Strip only a leading "www." so a "www." elsewhere in the host is kept
        $host = preg_replace('/^www\./', '', strtolower((string) $host));

        // Cached query for whitelisted domains - 1440 minutes = 24 hours
        $whiteList = Cache::remember('whitelist_domains', 1440, function () {
            return WhiteListDomains::lists('domain')->all();
        });

        // Check that the referring domain is whitelisted
        if ($host !== '' && in_array($host, $whiteList, true)) {
            return $next($request);
        }

        // Return a 403 response instead of calling header()/die()
        return response('You are not allowed to access this file.', 403);
    }
}

Is there a better way to do this, or am I on the right track?

Any help would be appreciated.

Thanks.

+4
1 answer

You are on the right track; the implementation seems beautiful.

However, do not trust HTTP_REFERER as an authentication / identification tool, as it can be easily modified.

0
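A standalone sketch of the Referer host check with its edge cases handled, showing why the answer's warning holds: the last case is allowed only because the client sent that header value. This is an added example, not code from the question or the answer; the function names and the `partner.example` hosts are constructed for illustration.

```php
<?php
// Added example: plain PHP, no Laravel required. All hosts below are constructed.

/**
 * Normalise the host of a Referer value, or return null when it cannot be used.
 */
function refererHost(?string $referer): ?string
{
    if ($referer === null || $referer === '') {
        return null;                       // header absent: clients may omit it
    }
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return null;                       // malformed URL or no host component
    }
    $host = strtolower(rtrim($host, '.')); // host names are case-insensitive
    // Strip only a leading "www." label, never a "www." found mid-host.
    return preg_replace('/^www\./', '', $host);
}

function refererAllowed(?string $referer, array $whitelist): bool
{
    $host = refererHost($referer);
    return $host !== null && in_array($host, $whitelist, true);
}

$whitelist = ['partner.example'];          // constructed whitelist entry

$cases = [
    'whitelisted site'        => 'https://www.partner.example/page',
    'mixed case host'         => 'https://WWW.Partner.Example/',
    'no Referer sent'         => null,
    'not a URL'               => 'partner.example',
    'lookalike suffix'        => 'https://partner.example.other.test/',
    // An unanchored replace of "www." would turn this host into the whitelisted one.
    'www. inside the host'    => 'https://partner.www.example/',
    // The header value is whatever the client chose to send, so the server
    // cannot tell this case apart from the first one.
    'value set by the client' => 'https://partner.example/',
];

foreach ($cases as $label => $referer) {
    printf("%-24s %s\n", $label, refererAllowed($referer, $whitelist) ? 'allow' : '403');
}
```

The first two cases and the last print `allow`; the rest print `403`.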

Source: https://habr.com/ru/post/1607287/

