PHP ban IP range script

Boks · 05-14-2003, 08:29 PM

I know how to ban a single IP from visiting my site, but I need to ban a range.

I've got:

Code:

<?php
if (eregi ("123\.123\.123\.[1-100]", $HTTP_SERVER_VARS["REMOTE_ADDR"]))
{
print "Banned";
       exit();
}?>

but that seems to ban 123.123.123.1-255.

Any ideas how to do it or what I'm doing wrong? I've searched google (that's where I found the above code) and some script sites, but didn't have much luck finding what I need.

Thanks for any help

sde · 05-14-2003, 09:33 PM

this should work =)

PHP Code:

  <?php

$ip="123.123.123.101";

 
if (eregi("123\.123\.123\.([0-9]$|[0-9]{2}$|100$)",$ip))

{

  print "Banned";

  exit();

}

else

{

  print "passed";

}

?>

Boks · 05-17-2003, 07:24 AM

I gave it a try, but didn't completly understand the code, however simple it may be

. I don't know too much about php yet

.

It probably doesn't make too much differene, but I I guess should have said that I wanted to ban the last 2 ranges 123.123.*.* . But when I modified the code, I couldn't get it to work properly. I'm pretty sure it was something I was doing wrong and not the actual code.

I ended up doing it like this:

PHP Code:

  <?php

$ban_range_low=ip2long("217.234.1.1");

$ban_range_up=ip2long("217.234.255.255");

$ip=ip2long($HTTP_SERVER_VARS["REMOTE_ADDR"]);

if ($ip>$ban_range_low && $ip<$ban_range_up)

{

    print "Banned";

    exit(); 

}

?>

Thanks for your help though sde, much appreciated

redhead · 05-17-2003, 07:39 AM

Or perhaps like this:

PHP Code:

  <?php

 
if (eregi("123.123.([0-9]$|[0-9]{2}$|255$).([0-9]$|[0-9]{2}$|255$)",

            ip2long($HTTP_SERVER_VARS["REMOTE_ADDR"])))

{

  print "Banned";

  exit();

}

else

{

  print "passed";

}

?>

yak · 07-18-2007, 01:04 AM

Single ip ban or 3 different ranges of ip

<?php
// Addresses to block.
$range = array('0'=>'216.47.55.141',
'1'=>'72.47.147',
'2'=>'74.171',
'3'=>'58'
);

// Check current IP.
foreach($range as $list){
if(strstr($_SERVER['REMOTE_ADDR'], $list)){
echo 'Sorry page is down check back later';
exit();
}
}
?>

sde · 07-18-2007, 10:21 AM

wow, talk about digging up a 4 year old post!

anyhow, your example is wrong. your "if" statement would pass regardless of where the location of the partial IP is. strstr just returns the string up until the position of the match.

example: 1.2.3.58, 1.2.74.171

both of those IPs would be denied access. you need to use regular expressions to indicate that '58' is the beginning of what you are trying to match.

sde · 07-18-2007, 10:54 AM

if you didn't want to use regular expressions, and the IPs in your IP array always started at the beginning of the IP, then you could do something like this:

PHP Code:

  <?php
function checkIP($ip_to_match, $ip_array) {

  // make sure this is an array before we use foreach
  if (is_array($ip_array)) {

    // loop through ip array
    foreach ($ip_array as $ip) {

      // first test if there is a match, then test if the match starts at the beginning
      if (strpos($ip_to_match, $ip)===0) {
        return true;
      }
    }
  }

  return false;
}

$ban_array = array(
  '216.47.55.141',
  '72.47.147',
  '74.171',
  '58'
);

if (checkIP($_SERVER['REMOTE_ADDR'], $ban_array)) {
  echo "This page is not accessible.";
  exit;
}
?>

:: modified from kelvin's suggestion below ::

Kelvin · 08-03-2007, 05:26 AM

Just the function I needed, cheers sde.

1 slight possible improvement is removing the strstr, and instead checking explicitly (===) for 0 on strpos.

PHP Code:

  function checkIP($ip_to_match, $ip_array) {

 
  // make sure this is an array before we use foreach

  if (is_array($ip_array)) {

 
    // loop through ip array

    foreach ($ip_array as $ip) {

 
      // first test if there is a match, then test if the match starts at the beginning

      if (strpos($ip_to_match, $ip)===0) {

        return true;

      }

    }

  }

 
  return false;

}

sde · 08-03-2007, 06:14 PM

nice catch!

Belisarius · 08-03-2007, 08:45 PM

Yeah, that's what's always bugged me about the weak-typing nature of PHP - I'm never quite sure if what I'm seeing is a 0 or FALSE, 1 or TRUE.

DJMaze · 08-04-2007, 12:37 AM

Why not put a CIDR block in .htaccess?

unknownsheep · 08-04-2007, 08:05 AM

PHP Code:

  $ip = $_SERVER['REMOTE_ADDR'];
$ip = str_replace(".","",$ip);

$ip_from = "192.168.0.0";
$ip_to = "192.168.255.255";

$ip_from = str_replace(".","",$ip_from);
$ip_to = str_replace(".","",$ip_to);

if ($ip < $ip_from || $ip > $ip_to) { die("Denied"); }

Shouldn't that work?

DJMaze · 08-04-2007, 09:01 AM

It costs yet another member 10 lines of code for IP banning.
And you all forgot to send the 403 HTTP Status code header, so again.....

Why not just put a CIDR block in .htaccess?

It's as easy as writing 1 line of code.

redhead · 08-04-2007, 02:12 PM

Hmm... considder your code once more, then you'll soon realise a flaw in it.
Else try to match the ip: 213.1.34.120 in your code.

The easy way would be to use CIDR blocking.

Code:

Deny from 192.168.

unknownsheep · 08-04-2007, 03:30 PM

Quote:

Originally Posted by redhead

Hmm... considder your code once more, then you'll soon realise a flaw in it.
Else try to match the ip: 213.1.34.120 in your code.

The easy way would be to use CIDR blocking.

Code:

Deny from 192.168.

A flaw in what?