ansaurus

Question

Block specific IP block from my website in PHP

Answer 1

+4 A:

Try strpos()

if(strpos($_SERVER['REMOTE_ADDR'], "89.95") === 0))
{
    die();
}

If you notice, the === operator makes sure that the 89.95 is at the begining of the IP address. This means that you can sepcify as much of the IP address as you want, and it will block no matter what numbers come after it.

For instance, all of these will be blocked:

89.95 -> 89.95.12.34, 89.95.1234.1, 89.95.1.1
89.95.6 -> 89.95.65.34, 89.95.61.1, 89.95.6987

(some of those aren't valid IP addresses though)

Chacha102 2010-05-19 22:28:47

hehe, i'm surprised that `strpos` here works faster than `substr`

zerkms 2010-05-19 22:42:16

@zerkms it shouldn't really be surprising - `strpos` can return immediately if the test fails, and does not have to do any string copying or allocation.Also, I just wanted to note that the behaviour changes if you switch `===` for `==`, so don't do that. Use three equal signs.

gnud 2010-05-19 23:09:38

@gnud: for long strings strpos would be slower, just because it should iterate over the whole string to search the needle. and i know what is the difference of `===` and `==`.

zerkms 2010-05-19 23:29:42

@zerkms Yes, the `==` vs `===` was meant as a separate note to complement the answer, not aimed at you :=)

gnud 2010-05-19 23:35:49

Answer 2

+1 A:

Make a substring :) For example for blocking 89.95.25.* you make a substring of the IP, cutting off the last two numbers and compare it to "89.95.25."

Samuel 2010-05-19 22:30:49

Answer 3

A:

Convert the dotted quad to an integer:

$ip = sprintf('%u', ip2long($_SERVER['REMOTE_ADDR']));

// only allow 10.0.0.0 – 10.255.255.255
if (!($ip >= 167772160 && $ip <=  184549375)) {
    die('Forbidden.');
}

webbiedave 2010-05-19 22:31:23

what is the reason of using integers here? making code more obfuscated?

zerkms 2010-05-19 22:32:55

Not that this diminishes the usefulness of this answer, but Authorization sounds more of a Opt-In word, where a select group of people are authorized. In this case, instead of only authorizing a few people, he unauthorizes, or forbids a few people. As such, I would think a better word would be 'Forbidden'.

Chacha102 2010-05-19 22:34:02

@zerkms: Do you usually ignore code comments?

webbiedave 2010-05-19 22:35:54

@Chacha102: I edited.

webbiedave 2010-05-19 22:36:42

@webbiedave: lol. again: what is the reason of using integers here?

zerkms 2010-05-19 22:37:07

@zerkms, how else will you handle a class A or B range? You will be writing a lot of code if you keep the IP address in dotted decimal format.

Marcus Adams 2010-05-19 22:40:51

@Marcus: huh? the question is: "how to block anyone with IP started with 89.95". Nothing about network classes. That's why I asked what is the reason of using integers **here**, in this particular case.

zerkms 2010-05-19 22:44:12

@zerkms: OP: "I'd like, for example". Why not show him a way to do even more?

webbiedave 2010-05-19 22:45:43

@webbiedave: still nothing about classes

zerkms 2010-05-19 22:47:38

@zerkms: Thanks for your insights.

webbiedave 2010-05-19 22:48:22

"Why not show him a way to do even more?": because for this specific question string functions are good enough. But after the answers like yours newbies use integer presentation of IP anywhere they can (instead of strings) and make obfuscated code. just because someone somewhere proposes them to **do in this way** without explanation of applicability of this method ;-)

zerkms 2010-05-19 22:52:29

@zerkms: Thanks again for the insights. I stand by my answer.

webbiedave 2010-05-20 00:30:42

@zerkms, the question reads "How can I block entire IP blocks?"

Marcus Adams 2010-05-20 12:13:42

Answer 4

A:

Use ip2long() to convert dotted decimal to a real IP address. Then you can do ranges easily.

Just do ip2long() on the high and low range to get the value, then use those as constants in your code.

If you're familiar with subnet masking, you can do it like this:

// Deny 10.12.*.*
$network = ip2long("10.12.0.0");
$mask = ip2long("255.255.0.0");
$ip = ip2long($_SERVER{'REMOTE_HOST'});
if (($network & $mask) == ($ip & $mask)) {
  die("Unauthorized");
}

Or if you're familiar with this format 10.12.0.0/16:

// Deny 10.12.*.*
$network = ip2long("10.12.0.0");
$prefix = 16;
$ip = ip2long($_SERVER{'REMOTE_HOST'});
if ($network >> (32 - $prefix)) == ($ip >> (32 - $prefix)) {
  die("Unauthorized");
}

You can turn these into functions and have very manageable code, making it easy to add IP addresses and customize the ranges.

Marcus Adams 2010-05-19 22:32:52

Answer 5

A:

I have successfully block my web visitors to access my Website by using IP2Location™ Block Visitors by Country provided by IP2Location.com. It's a free tool that you just need to select the countries and generate the script for Web Server. I also found that website offers PHP module, maybe you can give a try or find the sample codes from this link.

SuperRomia 2010-05-20 07:47:00

ansaurus

tags:

views:

answers:

Block specific IP block from my website in PHP

related questions