views:

484

answers:

5

In there an easy way to do this in PHP. I want to make sure that only web requests from certain countries are able to access my website.

Any ideas?

A: 

There are certain classes that can detect the locale of the user agent. Try something like that. Zend Framework has a great class for this Zend_Locale

Mote
Doesn't a "Locale" just tell how a client is configured not where it is? Couldn't someone have their Locale set to "en_US" but be in Australia?
Dave Webb
Yeah exactly, the locale is the language of the browser, nothing to do with location.
Gilles
+12  A: 

Use an IP geolocation database (some are free) and $_SERVER["REMOTE_ADDR"] to get the visitor's IP address.

http://www.maxmind.com/app/geolitecity is a free (less accurate) version of a commercial one.

Gilles
+4  A: 

Both of the answers (geolocation, user agent) will work but can be defeated. Someone can use a proxy server, or change their user agent. Firefox even has a plugin for that purpose.

CheeZe5
Proxies can be blocked at a low protocol level. Hulu.com does just that. User agents have nothing to do with the problem here.
Gilles
How are you going to reliably block all proxies? The only reliable solution is blacklisting, but new proxies pop up all the time.
ceejayoz
They detect them at a *low protocol level*, not using a blacklist. I don't remember the specifics, I just remember reading about such a technique being used by hulu, that's all.
Gilles
+1  A: 

There's also a pear package

http://pear.php.net/package/Net_Geo

Galen
It looks like it's querying a website to get the information every time? The data might be more accurate than the free database I've mentioned though.
Gilles
+6  A: 

Like Gilles, I've used MaxMind's GeoIP stuff for this in the past - configured with the PECL extension for speed. It works reasonably well, but...

The requirement for this kind of thing tends to come from somebody that doesn't understand that it is impossible to reliably determine a visitors location in this way. It's very important that the person asking for it be encouraged to understand that it is almost useless. Typical thing that happens with geo-location in this:

Client: I want to be able to restrict content by IP
Dev: You do know that that is impossible to do reliably?
Client: Ah yes, but this company say they will sell me something that will do it
Dev: Yes but it isn't accurate and is easy to circumvent and usually indicates a poor business model for internet based content
Client: Can you do it?
Dev: Whatever...

...Six months later...

Client: Some of my visitors have been complaining they can't see my content and some bad people who shouldn't see it have been able to!
Dev: /me slaps head

It's only one step on from there to "can I have it so that when a user right clicks in their browser a little sign pops up saying 'these images are copyright Idiot Inc.'?"

Sorry, obviously in a cynical mood today!

reefnet_alex
Remember that he might be *legally bound* to block some countries. I worked for a big american corp who legally had to block access from a government-issued blacklist of countries. Failure to comply could have landed people in jail. I can't talk about the specifics but this was very real.
Gilles
Aye, in the case I've been asked to use it has been part of a legal agreement between a content provider and a publisher. But that's kind of my point - this is flawed thinking, legally obliging the impossible. Still implement, but do feedback the reality of the situation!
reefnet_alex
Oh, and on that note, I've seen people "legally require" the right click copyright message too. It beggars belief!
reefnet_alex
I'm afraid many laws are flawed thinking :)
Gilles
Very realistic scene... Alas.
PhiLho
+1 for your pain...
nickf