In there an easy way to do this in PHP. I want to make sure that only web requests from certain countries are able to access my website.
Any ideas?
A:
There are certain classes that can detect the locale of the user agent. Try something like that. Zend Framework has a great class for this Zend_Locale
Mote
2008-10-03 14:23:11
Doesn't a "Locale" just tell how a client is configured not where it is? Couldn't someone have their Locale set to "en_US" but be in Australia?
Dave Webb
2008-10-03 14:41:19
Yeah exactly, the locale is the language of the browser, nothing to do with location.
Gilles
2008-10-03 14:52:59
+12
A:
Use an IP geolocation database (some are free) and $_SERVER["REMOTE_ADDR"] to get the visitor's IP address.
http://www.maxmind.com/app/geolitecity is a free (less accurate) version of a commercial one.
Gilles
2008-10-03 14:24:04
+4
A:
Both of the answers (geolocation, user agent) will work but can be defeated. Someone can use a proxy server, or change their user agent. Firefox even has a plugin for that purpose.
CheeZe5
2008-10-03 14:40:27
Proxies can be blocked at a low protocol level. Hulu.com does just that. User agents have nothing to do with the problem here.
Gilles
2008-10-03 14:51:44
How are you going to reliably block all proxies? The only reliable solution is blacklisting, but new proxies pop up all the time.
ceejayoz
2008-10-03 14:59:55
They detect them at a *low protocol level*, not using a blacklist. I don't remember the specifics, I just remember reading about such a technique being used by hulu, that's all.
Gilles
2008-10-03 15:03:58
It looks like it's querying a website to get the information every time? The data might be more accurate than the free database I've mentioned though.
Gilles
2008-10-03 15:01:07
+6
A:
Like Gilles, I've used MaxMind's GeoIP stuff for this in the past - configured with the PECL extension for speed. It works reasonably well, but...
The requirement for this kind of thing tends to come from somebody that doesn't understand that it is impossible to reliably determine a visitors location in this way. It's very important that the person asking for it be encouraged to understand that it is almost useless. Typical thing that happens with geo-location in this:
Client: I want to be able to restrict content by IP
Dev: You do know that that is impossible to do reliably?
Client: Ah yes, but this company say they will sell me something that will do it
Dev: Yes but it isn't accurate and is easy to circumvent and usually indicates a poor business model for internet based content
Client: Can you do it?
Dev: Whatever...
...Six months later...
Client: Some of my visitors have been complaining they can't see my content and some bad people who shouldn't see it have been able to!
Dev: /me slaps head
It's only one step on from there to "can I have it so that when a user right clicks in their browser a little sign pops up saying 'these images are copyright Idiot Inc.'?"
Sorry, obviously in a cynical mood today!
reefnet_alex
2008-10-03 15:12:10
Remember that he might be *legally bound* to block some countries. I worked for a big american corp who legally had to block access from a government-issued blacklist of countries. Failure to comply could have landed people in jail. I can't talk about the specifics but this was very real.
Gilles
2008-10-03 15:21:17
Aye, in the case I've been asked to use it has been part of a legal agreement between a content provider and a publisher. But that's kind of my point - this is flawed thinking, legally obliging the impossible. Still implement, but do feedback the reality of the situation!
reefnet_alex
2008-10-03 15:53:13
Oh, and on that note, I've seen people "legally require" the right click copyright message too. It beggars belief!
reefnet_alex
2008-10-03 15:54:28