Block specific IP block from my website in PHP

32,874

Solution 1

Try strpos()

if(strpos($_SERVER['REMOTE_ADDR'], "89.95") === 0)
{
    die();
}

If you notice, the === operator makes sure that the 89.95 is at the beginning of the IP address. This means that you can specify as much of the IP address as you want, and it will block no matter what numbers come after it.

For instance, all of these will be blocked:

89.95 -> 89.95.12.34, 89.95.1234.1, 89.95.1.1
89.95.6 -> 89.95.65.34, 89.95.61.1, 89.95.6987

(some of those aren't valid IP addresses though)

Solution 2

Use ip2long() to convert dotted decimal to a real IP address. Then you can do ranges easily.

Just do ip2long() on the high and low range to get the value, then use those as constants in your code.

If you're familiar with subnet masking, you can do it like this:

// Deny 10.12.*.*
$network = ip2long("10.12.0.0");
$mask = ip2long("255.255.0.0");
$ip = ip2long($_SERVER['REMOTE_ADDR']);
if (($network & $mask) == ($ip & $mask)) {
  die("Unauthorized");
}

Or if you're familiar with this format 10.12.0.0/16:

// Deny 10.12.*.*
$network = ip2long("10.12.0.0");
$prefix = 16;
$ip = ip2long($_SERVER['REMOTE_ADDR']);
if ($network >> (32 - $prefix)) == ($ip >> (32 - $prefix)) {
  die("Unauthorized");
}

You can turn these into functions and have very manageable code, making it easy to add IP addresses and customize the ranges.

Solution 3

Convert the dotted quad to an integer:

$ip = sprintf('%u', ip2long($_SERVER['REMOTE_ADDR']));

// only allow 10.0.0.0 – 10.255.255.255
if (!($ip >= 167772160 && $ip <=  184549375)) {
    die('Forbidden.');
}

Solution 4

Make a substring :) For example for blocking 89.95.25.* you make a substring of the IP, cutting off the last two numbers and compare it to "89.95.25."

Solution 5

$user_ip = $_SERVER['REMOTE_ADDR']; // get user ip

$denyIPs = array("111.111.111", "222.222.222", "333.333.333");
if (in_array ($user_ip, $denyIPs)) {
   // blocked ip
}
else {
   // not blocked
}
Share:
32,874

Related videos on Youtube

iTayb
Author by

iTayb

Just another guy surfing the web (:

Updated on July 09, 2022

Comments

  • iTayb
    iTayb almost 2 years

    I'd like, for example, block every IP from base 89.95 (89.95..). I don't have .htaccess files on my server, so I'll have to do it with PHP.

    if ($_SERVER['REMOTE_ADDR'] == "89.95.25.37") die();

    Would block specific IP. How can I block entire IP blocks?

  • zerkms
    zerkms almost 14 years
    what is the reason of using integers here? making code more obfuscated?
  • rpiaggio
    rpiaggio almost 14 years
    Not that this diminishes the usefulness of this answer, but Authorization sounds more of a Opt-In word, where a select group of people are authorized. In this case, instead of only authorizing a few people, he unauthorizes, or forbids a few people. As such, I would think a better word would be 'Forbidden'.
  • zerkms
    zerkms almost 14 years
    @webbiedave: lol. again: what is the reason of using integers here?
  • Marcus Adams
    Marcus Adams almost 14 years
    @zerkms, how else will you handle a class A or B range? You will be writing a lot of code if you keep the IP address in dotted decimal format.
  • zerkms
    zerkms almost 14 years
    hehe, i'm surprised that strpos here works faster than substr
  • zerkms
    zerkms almost 14 years
    @Marcus: huh? the question is: "how to block anyone with IP started with 89.95". Nothing about network classes. That's why I asked what is the reason of using integers here, in this particular case.
  • gnud
    gnud almost 14 years
    @zerkms it shouldn't really be surprising - strpos can return immediately if the test fails, and does not have to do any string copying or allocation. Also, I just wanted to note that the behaviour changes if you switch === for ==, so don't do that. Use three equal signs.
  • zerkms
    zerkms almost 14 years
    @gnud: for long strings strpos would be slower, just because it should iterate over the whole string to search the needle. and i know what is the difference of === and ==.
  • gnud
    gnud almost 14 years
    @zerkms Yes, the == vs === was meant as a separate note to complement the answer, not aimed at you :=)
  • Marcus Adams
    Marcus Adams almost 14 years
    @zerkms, the question reads "How can I block entire IP blocks?"
  • artfulhacker
    artfulhacker about 11 years
    "and yes, PHP does understand wildcards, so using * within the IP with assist in blocking ranges of IPs." are you sure about that? specific version of php maybe?
  • Marcus Adams
    Marcus Adams almost 8 years
    Yes, just use REMOTE_ADDR.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related