How to restrict Arduino webserver to respond only to particular web site

Hi,

I want the Arduino-based webserver to respond only to requests from a particular website, e.g. www.xyz.com, so that any request coming from any other source is rejected.

Any help is very much appreciated.

Thanks.

I want the Arduino based webserver to respond only to requests from a particular website

A website is not a client. Your browser running on your PC is.

With some modifications, the EthernetServer class can get the IP address of the client. You could use that to restrict access. I don't recommend that, but you could do it that way.

Authentication (user ID and password, encrypted) is more secure AND allows you to connect from anywhere. Consider, for instance, that typically, the IP address of your router is assigned by your internet service provider, and they change it about once a week. Consider, too, that you might at some point acquire a smart phone with browser that you might want to use to connect to the Arduino. Different IP address from the phone, changing periodically. A nightmare changing the Arduino sketch twice a week to accommodate changing IP addresses.

Thanks for your reply. I am planning to host a website with authentication and want to access the webserver from that site alone, so if anyone tries to access it from any other location (like directly typing the IP address of the webserver) the webserver should reject that request. I hope you understand what I am planning to achieve.

You must parse the request header for the "Host:" parameter. If it is set to www.mydomain.com, then it is a request to your domain. If it is set to the IP address, then it was a request to the IP.

I am planning to host a website with authentication

on a web server somewhere. That server has a name?

and want to access the webserver from that site alone

Again, sites can't access servers.

If www.xyz.com is a web server, and you want all accesses to the Arduino-as-server to come from scripts on that server, that is possible, and relatively easy, even. That server, if it's hosted by an ISP, should have a static IP address. The ArduinoServer class can be modified to get the client's IP address. That client will either be www.xyz.com or someone trying to bypass security. One IP address you'd recognize, and allow. The other you wouldn't.

Search for getClientID.

shoqa: I want the Arduino-based webserver to respond only to requests from a particular website, e.g. www.xyz.com, so that any request coming from any other source is rejected.

The question is confusing. Are you saying that your Arduino is hosting a web server, and you expect to receive HTTP requests from a particular domain (where you know there is some other web server running)? In this case the thing you're looking for is the client's domain name. Calling it a website is just confusing the issue.

The way to do this would be to obtain the client's IP address and then do a reverse DNS lookup to see what domain(s) were associated with that address - or you could do a forward lookup of your expected domain name and remember the returned IP addresses against each client's IP address.

Unfortunately the Arduino's peculiar implementation of network comms doesn't make this data available to you, as far as I can see. It would probably be possible to hack the Ethernet library to make this information available, and that would IMO be a reasonable change to make since it's something that a sensible networking API would be expected to provide.

The information you need is sent in what is called the “Referrer header”: http://en.wikipedia.org/wiki/HTTP_referer

The browser includes this header in the HTTP request to the server when it fetches a page in response to a click on a link.

You can read and parse the Referrer: header data from the HTTP request to your Arduino and confirm it matches the domain you wish to limit access to.

-br

billroy: You can read and parse the Referrer: header data from the HTTP request to your Arduino and confirm it matches the domain you wish to limit access to.

That indicates the page that was used to navigate to the Arduino's page. I'm not sure that's what the OP was asking for, although it might be. In any case it is not a good basis for access control since a malicious user could put whatever referrer value they wanted in a request header.

Anybody that has access to the original web page might just copy the page source, paste it in notepad, and make their own access web page.
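Added example, not part of any post in this thread: a small header parser for the raw request text, with a Referer-based check next to a peer-address check, to show why the thread rejects the header as a basis for access control. The addresses, the `/led` path, the function names and the assumption that the sketch can obtain the peer address from the network layer are all constructed for illustration.

```cpp
#include <cctype>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Case-insensitive match of a header name at the start of a line, up to ':'.
static bool nameMatches(const char *line, const char *name) {
  while (*name)
    if (tolower((unsigned char)*line++) != tolower((unsigned char)*name++)) return false;
  return *line == ':';
}

// Copy the value of header `name` from a raw request into out; false if absent.
bool headerValue(const char *req, const char *name, char *out, size_t outLen) {
  for (const char *line = strstr(req, "\r\n"); line; line = strstr(line, "\r\n")) {
    line += 2;
    if (*line == '\0' || *line == '\r') break;      // blank line ends the headers
    if (!nameMatches(line, name)) continue;
    const char *v = line + strlen(name) + 1;        // skip "Name:"
    while (*v == ' ' || *v == '\t') v++;
    size_t i = 0;
    for (; v[i] && v[i] != '\r' && i + 1 < outLen; i++) out[i] = v[i];
    out[i] = '\0';
    return true;
  }
  return false;
}

// Policy A (header-based): trusts bytes chosen by whoever wrote the request.
// "Referer" is the header's actual spelling on the wire.
bool allowByHeaders(const char *req) {
  char ref[80];
  return headerValue(req, "Referer", ref, sizeof ref) &&
         strncmp(ref, "http://www.xyz.com/", 19) == 0;
}

// Policy B (peer-based): address supplied by the network layer, not by the request.
// ALLOWED_PEER is a constructed documentation address standing in for the web host.
static const uint8_t ALLOWED_PEER[4] = {192, 0, 2, 10};
bool allowByPeer(const uint8_t peer[4]) { return memcmp(peer, ALLOWED_PEER, 4) == 0; }

// Constructed requests: one typed straight at the IP, one with a hand-written Referer.
const char DIRECT[] = "GET /led?on=1 HTTP/1.1\r\nHost: 198.51.100.20\r\n\r\n";
const char HAND_WRITTEN[] = "GET /led?on=1 HTTP/1.1\r\nHost: 198.51.100.20\r\n"
                            "referer: http://www.xyz.com/panel.html\r\n\r\n";

int main() {
  const uint8_t other[4] = {203, 0, 113, 7};        // constructed unknown client
  printf("direct: headers=%d\n", allowByHeaders(DIRECT));
  printf("hand-written: headers=%d peer=%d\n", allowByHeaders(HAND_WRITTEN), allowByPeer(other));
  return 0;
}
```

The hand-written request passes the header policy from any client, while the peer policy rejects it because the address does not come from the request text; the peer check still ties access to one static address and does not replace authentication.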