15

I'd like, for example, block every IP from base 89.95 (89.95..). I don't have .htaccess files on my server, so I'll have to do it with PHP.

if ($_SERVER['REMOTE_ADDR'] == "89.95.25.37") die();

Would block specific IP. How can I block entire IP blocks?

Improve this question

8 Answers 8

Reset to default
20

Try strpos()

if(strpos($_SERVER['REMOTE_ADDR'], "89.95") === 0) { die(); }

If you notice, the === operator makes sure that the 89.95 is at the beginning of the IP address. This means that you can specify as much of the IP address as you want, and it will block no matter what numbers come after it.

For instance, all of these will be blocked:

89.95 -> 89.95.12.34, 89.95.1234.1, 89.95.1.1
89.95.6 -> 89.95.65.34, 89.95.61.1, 89.95.6987

(some of those aren't valid IP addresses though)

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

hehe, i'm surprised that strpos here works faster than substr
@zerkms it shouldn't really be surprising - strpos can return immediately if the test fails, and does not have to do any string copying or allocation. Also, I just wanted to note that the behaviour changes if you switch === for ==, so don't do that. Use three equal signs.
@gnud: for long strings strpos would be slower, just because it should iterate over the whole string to search the needle. and i know what is the difference of === and ==.
@zerkms Yes, the == vs === was meant as a separate note to complement the answer, not aimed at you :=)
The fastest code would be: if (substr($_SERVER['REMOTE_ADDR'], 0, 5) == "89.95")
5

Use ip2long() to convert dotted decimal to a real IP address. Then you can do ranges easily.

Just do ip2long() on the high and low range to get the value, then use those as constants in your code.

If you're familiar with subnet masking, you can do it like this:

// Deny 10.12.*.* $network = ip2long("10.12.0.0"); $mask = ip2long("255.255.0.0"); $ip = ip2long($_SERVER['REMOTE_ADDR']); if (($network & $mask) == ($ip & $mask)) { die("Unauthorized"); }

Or if you're familiar with this format 10.12.0.0/16:

// Deny 10.12.*.* $network = ip2long("10.12.0.0"); $prefix = 16; $ip = ip2long($_SERVER['REMOTE_ADDR']); if ($network >> (32 - $prefix)) == ($ip >> (32 - $prefix)) { die("Unauthorized"); }

You can turn these into functions and have very manageable code, making it easy to add IP addresses and customize the ranges.

Improve this answer

3 Comments

Investigating just $_SERVER{'REMOTE_HOST'} would be enough? Because maybe the user uses a proxy. So there is some other parameters that you have to check, like REMOTE_ADDR or these. Am I right? or doing what I linked isn't useful?
Yes, just use REMOTE_ADDR.
Using ip2long() is overbloated because you can so this easier: if (substr($_SERVER['REMOTE_ADDR'], 0, 5) == "89.95")
3

Convert the dotted quad to an integer:

$ip = sprintf('%u', ip2long($_SERVER['REMOTE_ADDR'])); // only allow 10.0.0.0 – 10.255.255.255 if (!($ip >= 167772160 && $ip <= 184549375)) { die('Forbidden.'); }
Improve this answer

10 Comments

what is the reason of using integers here? making code more obfuscated?
Not that this diminishes the usefulness of this answer, but Authorization sounds more of a Opt-In word, where a select group of people are authorized. In this case, instead of only authorizing a few people, he unauthorizes, or forbids a few people. As such, I would think a better word would be 'Forbidden'.
@webbiedave: lol. again: what is the reason of using integers here?
@zerkms, how else will you handle a class A or B range? You will be writing a lot of code if you keep the IP address in dotted decimal format.
@zerkms, the question reads "How can I block entire IP blocks?"
|
1

Make a substring :) For example for blocking 89.95.25.* you make a substring of the IP, cutting off the last two numbers and compare it to "89.95.25."

Improve this answer

Comments

1 
$user_ip = $_SERVER['REMOTE_ADDR']; // get user ip $denyIPs = array("111.111.111", "222.222.222", "333.333.333"); if (in_array ($user_ip, $denyIPs)) { // blocked ip } else { // not blocked }
Improve this answer

Comments

1

This has always worked very well for me: This checks for the proper server variables and compares it against a list of known IPs.. and yes, PHP does understand wildcards, so using * within the IP with assist in blocking ranges of IPs.

// The blacklisted ips. $denied_ips = array( '1.2.3.4', '2.3.*', ); // The function to get the visitor's IP. function getUserIP(){ //check ip from share internet if (!empty($_SERVER['HTTP_CLIENT_IP'])){ $ip=$_SERVER['HTTP_CLIENT_IP']; } //to check ip is pass from proxy elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])){ $ip=$_SERVER['HTTP_X_FORWARDED_FOR']; } else { $ip=$_SERVER['REMOTE_ADDR']; } return $ip; } //The user $visitorIp = getUserIP(); // Now let's search if this IP is blackliated $status = array_search($visitorIp, $denied_ips); // Let's check if $status has a true OR false value. if($status !== false){ echo '<div class="error">Your IP has been banned! Stop spamming us!</div>'; // header("Location: http://zombo.com"); // exit; }

There's also a great article at Perishable Press: http://perishablepress.com/how-to-block-ip-addresses-with-php/

Improve this answer

1 Comment

"and yes, PHP does understand wildcards, so using * within the IP with assist in blocking ranges of IPs." are you sure about that? specific version of php maybe?
0

using revive's code, use this to get wildcard search working

// Now let's search if this IP is blackliated $status = false; foreach($denied_ips as $val) { if (strpos($val,'*') !== false) { if(strpos($visitorIp, array_shift(explode("*", $val))) === 0) { $status = true; break; } } else { if(strcmp($visitorIp, $val) === 0) { $status = true; break; } } }
Improve this answer

Comments

-1 
$deny = array("111.111.111", "222.222.222", "333.333.333"); if (in_array($_SERVER['REMOTE_ADDR'], $deny)) { header("location:http://www.google.com/"); exit(); }
Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.