Protecting my website content from being downloaded through cURL

Question

I heard about external access of a website using curl by the following code:

$curl_handle=curl_init();
curl_setopt($curl_handle,CURLOPT_URL,'http://example.com');
$buffer=curl_exec($curl_handle);
curl_close($curl_handle);

I want to protect my website from this external access. I am using PHP. How can I protect my web site?

Answer 1

This is no more dangerous than anyone accessing through your website with a browser; in fact, this is what curl is as far as your question is concerned: a web browser and nothing more.

If you have security vulnerabilities, they will be broken. If not, they won't. curl, however, does not amplify or diminish any vulnerabilities whatsoever; it is merely a way for a PHP script to access another website (typically through HTTP).

If you want to prevent content from being downloaded, you can block incoming HTTP requests, but this defeats the purpose of a web site, since web browsers make identical requests (and can also download content).

Answer 2

If you mean "how do I protect my website against being accessed by a program other than a browser", the answer is pretty much "you can't." A browser is just a program that sends HTTP requests. You can play the game of trying to reject HTTP requests that look like they don't come from a browser, but it's trivially easy for an arbitrary program (one using curl, or Perl/Python/Ruby libraries) to mimic the headers that a "real" browser sends.