Block IP range

tomharto · 10-18-2011, 10:51 PM

I need a method of blocking and IP range, E.G. 115.125.12.*

So anything starting with 115.125.12 would be blocked. What would the easiest way of doing this be?

Adee · 10-18-2011, 11:59 PM

On just one page or what?

PHP Code:


			
<?php

$range = array();

$range = "99.99.99";

$user = $_SERVER['REMOTE_ADDR'];
$users = explode(".", $user);

$users_a = $users[0] . "." . $users[1] . "." . $users[2];

if ( in_array ( $users_a, $range ) )
{
// do something..


}
?>

oracleguy · 10-19-2011, 12:25 AM

I would use htaccess unless you want to present something more than a HTTP 403 error.

tomharto · 10-19-2011, 12:30 AM

well what i do is if a users IP is banned i redirect them to a page saying "your banned" and the details about it.

Regarding the .htaccess the IPs are stored in a database, is it possible to fill the htaccess file from a database or isnt that doable?

Fou-Lu · 10-19-2011, 12:56 AM

I like to over-complicate things myself. I'd write a cidr class that lets me compare a provided address to a subnet range.
Hmm, offhand I'm not sure if you can link the ip lookup into .htaccess. I know you can do the authentication for basic and whatnots (but you can do that from PHP as well), but for actual IP addresses, I'm not too sure.

Adee · 10-19-2011, 03:03 AM

Quote:

Originally Posted by tomharto

well what i do is if a users IP is banned i redirect them to a page saying "your banned" and the details about it.

Regarding the .htaccess the IPs are stored in a database, is it possible to fill the htaccess file from a database or isnt that doable?

What I gave you is viable. You could redirect them with it. You could probably make a script to write an .htaccess file for you with the IPs + necessary tags and have a cronjob or something to update it to include new IPs you add

tomharto · 10-19-2011, 08:30 AM

Im gonna look at putting your code into what i already have, ill let you know what happens when i do it later on today

Cjwinnit · 10-19-2011, 03:26 PM

I wrote a script for this exact purpose a week or two ago

http://www.codingforums.com/showthread.php?t=239805

tomharto · 10-19-2011, 05:03 PM

That looks like it would do the job

, im just thinking now, how would i put it into my current script?

PHP Code:


			
$IP = $_SERVER['REMOTE_ADDR'];
$curTime = time(); //ban_start     ban_end
$banList = "SELECT * FROM phpbb_banlist WHERE ban_start < $curTime AND ban_end > $curTime AND ban_ip = '$IP' OR ban_start < $curTime AND ban_end = 0 AND ban_ip = '$IP'";

$banRes  = mysql_query($banList);
if ((mysql_num_rows($banRes)) > 0)
{
    $deny = array();
    while ($row = mysql_fetch_array($banRes))
    {
        $deny[] = $row['ban_ip'];
        $deny[$row['ban_ip']] = $row['ban_end'];
    }
    
    
    if (in_array($_SERVER['REMOTE_ADDR'], $deny))
    {
        $_SESSION['until'] = date("d-m-Y", $deny[$_SERVER['REMOTE_ADDR']]);
        header ("Location: banned.php");
        die();
    }
}

The IP's it would return are in the format xxx.xxx.xxx.xxx or xxx.xxx.xxx.*

Cjwinnit · 10-19-2011, 05:16 PM

Hi. 2 questions:

1/ By "that", do you mean mine?

2/ You said in the form "xxx.xxx.xxx.xxx" and "xxx.xxx.xxx.*"? so you'd have a list of banned individual IP's and banned ranges together in the same banlist?

tomharto · 10-19-2011, 05:19 PM

Yeah i meant your

. Yeah there all in one list, would that be a problem?

Cjwinnit · 10-19-2011, 05:25 PM

Not necessarily.

I would say that having it in "xxx.xxx.xxx.0/bla" form is a bit better as it's a standard way of storing it - I understand if it's a bit of work to change though.

As examples,
"192.168.0.*" is the same as "192.168.0.0/24".
"192.168.*.*" is the same as "192.168.0.0/16".
"192.*.*.*" is the same as "192.168.0.0/8".

If you wanted to ban only the IP "200.15.6.7" you would write "200.15.6.7/32"

I'll work on your script

---------------
is "$deny[]" in the loop the banlist in array form?

tomharto · 10-19-2011, 05:32 PM

Okay, well that wouldnt be much to change yet at all so i can do it that way, how would i put your functions into my script cause mines just a simple in_array

Cjwinnit · 10-19-2011, 05:39 PM

1/ Put the two functions in your script.

2/ Have your script get the ban list out of the MySQL database and store it in an array (your script does this well as far as I can see

). For sake of argument, let's call the array "$banlist".

3/ Change:

PHP Code:


			
if (in_array($_SERVER['REMOTE_ADDR'], $banlist)) { **DO STUFF** }

to:

PHP Code:


			
foreach($banlist as $val) 

{ 

if(isipinsub ($_SERVER["REMOTE_ADDR"], $val)){ **DO STUFF** } 

}

----

In fact you could store individual IP's in your database even if you forgot to put "/32" at the end. It wouldn't take too long to write a quick script to stick "/32" on the end of an array entry if it didn't find a slash in it.

tomharto · 10-19-2011, 05:40 PM

Thanks a lot

, a lot easier than i was thinking it was gonna be :P