How to make the file accessible only through its own server?

Question

I've added this in the .htaccess the file located in the root of the project:

<Files *.php>
    Require host lamtakam.test lamtakam.com
    Require ip ::1 95.216.xx.xx
</Files>

I've used xx.xx to keep my real ip hidden in a public community, in reality, there are numbers instead of xs.

Now I need to call a file daily (using a cron job crontab) from the same server, something like this:

0 22 * * * wget /path/to/file.php

But I get this error:

--2020-09-13 13:33:55--  https://lamtakam.com/path/to/file.php
Resolving lamtakam.com (lamtakam.com)... 104.31.74.192, 172.67.174.239, 104.31.75.192, ...
Connecting to lamtakam.com (lamtakam.com)|104.31.74.192|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2020-09-13 13:33:55 ERROR 403: Forbidden.

Note: I use Cloudflare and these IPs belongs to it: 104.31.74.192, 172.67.174.239, 104.31.75.192

Any idea how can I make file.php accessible when I can it from the same server? (And not from anywhere else)

Answer 1

You can trick the server via adding the following record in your /etc/hosts file, that server as local DNS, thus the Cloudflare's DNS setup will be ignored:

95.216.xx.xx lamtakam.com

You can't use https:// for localhost/ because the SSL/HTTPS certificates are issued for a concrete domain name, i.e. lamtakam.com, etc.

You could bind lamtakam.com and probably lamtakam.test to the loop back interface (127.0.0.1 for IPv4 and ::1 for IPv6) by modifying the relevant line of /etc/hosts in this way:

127.0.0.1 localhost lamtakam.com www.lamtakam.com lamtakam.test www.lamtakam.test

In this case you should edit the .htaccess file in a way as this:

<Files *.php>
    Require host lamtakam.test lamtakam.com
    Require ip 127.0.0.1
</Files>

• Note ::1 is the IPv6 loopback interface, but we didn't created an appropriate entry in the /etc/hosts file, so we do not need impossible require rule for that IP.

This second approach (by using the loopback interface) is more flexible, because even you change the server's public IP you wont need to change your .htaccess setup.