How to redirect an entire range/block of IP addresses with PHP?

Question

Hello all, I'm using the following snippet to redirect an array of IP addresses. I was wondering how I would go about adding an entire range/block of IP addresses to my dissallowed array...

<?php // Let's redirect certain IP addresses to a "Page Not Found"
$disallowed = array("76.105.99.106");
$ip = $_SERVER['REMOTE_ADDR']; 

if(in_array($ip, $disallowed)) {
 header("Location: http://google.com");
 exit;
}
?>

I tried using "76.105.99.*", "76.105.99", "76.105.99.0-76.105.99.255" without any luck.

I need to use PHP rather than mod_rewrite and .htaccess for other reasons.

Answer 1

It would be better to do this in apache(or any other server)

Answer 2

Who exactly are you interested in blocking? You can use PHP or apache to block (or allow) a bunch of specific IP addresses.

If you are interested in blocking people from an entire country for example, then there are tools that give you the IP addresses you need to block. Unfortunately, it's not as simple as just specifying a range.

Check out http://www.blockacountry.com/ which generates a bunch of ip addresses you can stick in your .htaccess to block whole countries.

Answer 3

Try the substr function:

$ip = '76.105.99.';
if (substr($_SERVER['REMOTE_ADDR'], 0, strlen($ip)) === $ip) {
    // deny access
}

Answer 4

I believe that you'll need to create a for loop to add each IP address (within the range) to your array.

pseudo code

for i = 0 to 255
    disallowed[i] = "76.105.99." + i
next

Answer 5

Here's an example of how you could check a particular network/mask combination:

$network=ip2long("76.105.99.0");
$mask=ip2long("255.255.255.0");
$remote=ip2long($_SERVER['REMOTE_ADDR']);

if (($remote & $mask)==$network)
{
    header("Location: http://example.com");
    exit;
}

This is better than using a string based match as you can test other masks that align within an octet, e.g. a /20 block of IPs

Answer 6

You can approach the problem in a different way.

If you want to ban 76.105.99.* you could do:

if (strpos($_SERVER['REMOTE_ADDR'], "76.105.99.")!==FALSE)
{
    header ('Location: http://google.com');
}

Answer 7

What you need to do is to have a test to see if a particular address lives inside a particular address range as defined by CIDR

So for instance, you need to be able to say

is 192.168.1.5

inside

192.168.1.0/24

That function is easy to write, assuming you have some basic tools to do CIDR work.

Assuming you are on a 32bit system, this class http://snipplr.com/view/15557/cidr-class-for-ipv4/ Pay attention to the IPisWithinCIDR function