Block specific IP block from my website in PHP
Solution 1
Try strpos()
if(strpos($_SERVER['REMOTE_ADDR'], "89.95") === 0)
{
die();
}
If you notice, the ===
operator makes sure that the 89.95
is at the beginning of the IP address. This means that you can specify as much of the IP address as you want, and it will block no matter what numbers come after it.
For instance, all of these will be blocked:
89.95 -> 89.95.12.34
, 89.95.1234.1
, 89.95.1.1
89.95.6 -> 89.95.65.34
, 89.95.61.1
, 89.95.6987
(some of those aren't valid IP addresses though)
Solution 2
Use ip2long()
to convert dotted decimal to a real IP address. Then you can do ranges easily.
Just do ip2long()
on the high and low range to get the value, then use those as constants in your code.
If you're familiar with subnet masking, you can do it like this:
// Deny 10.12.*.*
$network = ip2long("10.12.0.0");
$mask = ip2long("255.255.0.0");
$ip = ip2long($_SERVER['REMOTE_ADDR']);
if (($network & $mask) == ($ip & $mask)) {
die("Unauthorized");
}
Or if you're familiar with this format 10.12.0.0/16
:
// Deny 10.12.*.*
$network = ip2long("10.12.0.0");
$prefix = 16;
$ip = ip2long($_SERVER['REMOTE_ADDR']);
if ($network >> (32 - $prefix)) == ($ip >> (32 - $prefix)) {
die("Unauthorized");
}
You can turn these into functions and have very manageable code, making it easy to add IP addresses and customize the ranges.
Solution 3
Convert the dotted quad to an integer:
$ip = sprintf('%u', ip2long($_SERVER['REMOTE_ADDR']));
// only allow 10.0.0.0 – 10.255.255.255
if (!($ip >= 167772160 && $ip <= 184549375)) {
die('Forbidden.');
}
Solution 4
Make a substring :) For example for blocking 89.95.25.* you make a substring of the IP, cutting off the last two numbers and compare it to "89.95.25."
Solution 5
$user_ip = $_SERVER['REMOTE_ADDR']; // get user ip
$denyIPs = array("111.111.111", "222.222.222", "333.333.333");
if (in_array ($user_ip, $denyIPs)) {
// blocked ip
}
else {
// not blocked
}
Related videos on Youtube
Comments
-
iTayb almost 2 years
I'd like, for example, block every IP from base 89.95 (89.95..). I don't have
.htaccess
files on my server, so I'll have to do it with PHP.if ($_SERVER['REMOTE_ADDR'] == "89.95.25.37") die();
Would block specific IP. How can I block entire IP blocks?
-
zerkms almost 14 yearswhat is the reason of using integers here? making code more obfuscated?
-
rpiaggio almost 14 yearsNot that this diminishes the usefulness of this answer, but Authorization sounds more of a Opt-In word, where a select group of people are authorized. In this case, instead of only authorizing a few people, he unauthorizes, or forbids a few people. As such, I would think a better word would be 'Forbidden'.
-
zerkms almost 14 years@webbiedave: lol. again: what is the reason of using integers here?
-
Marcus Adams almost 14 years@zerkms, how else will you handle a class A or B range? You will be writing a lot of code if you keep the IP address in dotted decimal format.
-
zerkms almost 14 yearshehe, i'm surprised that
strpos
here works faster thansubstr
-
zerkms almost 14 years@Marcus: huh? the question is: "how to block anyone with IP started with 89.95". Nothing about network classes. That's why I asked what is the reason of using integers here, in this particular case.
-
gnud almost 14 years@zerkms it shouldn't really be surprising -
strpos
can return immediately if the test fails, and does not have to do any string copying or allocation. Also, I just wanted to note that the behaviour changes if you switch===
for==
, so don't do that. Use three equal signs. -
zerkms almost 14 years@gnud: for long strings strpos would be slower, just because it should iterate over the whole string to search the needle. and i know what is the difference of
===
and==
. -
gnud almost 14 years@zerkms Yes, the
==
vs===
was meant as a separate note to complement the answer, not aimed at you :=) -
Marcus Adams almost 14 years@zerkms, the question reads "How can I block entire IP blocks?"
-
artfulhacker about 11 years"and yes, PHP does understand wildcards, so using * within the IP with assist in blocking ranges of IPs." are you sure about that? specific version of php maybe?
-
Marcus Adams almost 8 yearsYes, just use REMOTE_ADDR.