Checking visitors IP against a table of IPs. Some wildcards.

Question

I have a script that loops through an array of IP's and checks the clients IP against them.

//filter IP address list
$ip = array();
$ip[] = '10.10.5.*';
$ip[] = '234.119.260.65';
$ip[] = '234.119.254.2';

function testIP($ip){
//testing that correct IP address used
for($i=0, $cnt=count($ip); $i<$cnt; $i++) {
    $ipregex = preg_replace(”/\./”, “\.”, $ip[$i]);
    $ipregex = preg_replace(”/\*/”, “.*”, $ipregex);

    if(preg_match('/'.$ipregex.'/', $_SERVER[REMOTE_ADDR])){
    // apply filter
    return true;
    }
    //do not apply filter
    return false;
}

The thing is, I want my list of ip addresses to be in a table, and I want to make it as efficient as possible. The only way I can see of doing this is to SELECT * , and loop through each one in turn. Can anyone see a more efficient way of doing this? Perhaps on the MySQL side of things?

Answer 1

Change the "*" to "%" then do

SELECT 1 FROM filters WHERE '1.2.3.4' LIKE ip LIMIT 1

Answer 2

You can use cisco style:

$ip[] = '10.10.5.0/24';

match function bellow

# Matches:
# xxx.xxx.xxx.xxx        (exact)
# xxx.xxx.xxx.[yyy-zzz]  (range)
# xxx.xxx.xxx.xxx/nn     (nn = # bits, cisco style -- i.e. /24 = class C)
#
# Does not match:
# xxx.xxx.xxx.xx[yyy-zzz]  (range, partial octets not supported)
function matchIP($range, $ip) {
    $result = true;
    if (preg_match("`^(\d{1,3}) \. (\d{1,3}) \. (\d{1,3}) \. (\d{1,3})/(\d{1,2})$`x", $range, $regs)) {
        # perform a mask match
        $ipl = ip2long($ip);
        $rangel = ip2long($regs[1] . "." . $regs[2] . "." . $regs[3] . "." . $regs[4]);
        $maskl = 0;
        for ($i = 0; $i< 31; $i++) {
            if ($i < $regs[5]-1) {
                $maskl = $maskl + pow(2,(30-$i));
            }
        }
        if (($maskl & $rangel) == ($maskl & $ipl)) $result = true;
        else $result = false;
    } else {
        # range based
        $maskocts = explode(".",$range);
        $ipocts = explode(".",$ip);
        # perform a range match
        for ($i=0; $i<4; $i++) {
            if (preg_match("`^\[(\d{1,3}) \- (\d{1,3})\]$`x", $maskocts[$i], $regs)) {
                if ( ($ipocts[$i] > $regs[2]) || ($ipocts[$i] < $regs[1])) {
                    $result = false;
                }
            } else {
                if ($maskocts[$i] != $ipocts[$i]) {
                    $result = false;
                }
            }
        }
    }
    return $result;
}

Answer 3

If your input is guaranteed to be an IP address (you pull it out of $_SERVER, so validity checking or "understanding" the IP address is a no-goal here):

//filter IP address list
$ip = array();
$ip[] = '10.10.5.*';
$ip[] = '234.119.260.65';
$ip[] = '234.119.254.2';

function testIP($ip){
  //testing that correct IP address used
  for($i=0, $cnt=count($ip); $i<$cnt; $i++) {
    $ipregex = preg_replace("/\\./", "\\\\.", $ip[$i]);
    $ipregex = preg_replace("/\\*/", "[.\\\\d]+", $ipregex);

    if(preg_match("/^".$ipregex."$/", $_SERVER[REMOTE_ADDR])){
      // apply filter
      return true;
    }
  }
  //do not apply filter
  return false;
}