Add ability to check $_SERVER['REMOTE_ADDR'] for incoming post requests (submitting new reports over Open311) against the IP address for the API key or client -- reject unless match.
Get comma-separated IP address lists from both api_keys and clients table, and use that as a whitelist?
This is in anticipation of FMS-endpoint sometimes not being run over https+htauth for example; it's not equivalent, but it potentially lessens abuse.
Add ability to check $_SERVER['REMOTE_ADDR'] for incoming post requests (submitting new reports over Open311) against the IP address for the API key or client -- reject unless match.
Get comma-separated IP address lists from both api_keys and clients table, and use that as a whitelist?
This is in anticipation of FMS-endpoint sometimes not being run over https+htauth for example; it's not equivalent, but it potentially lessens abuse.