PHP IP block

[TwiztedFake]

I wanting to create a better ip blocker but can't seem to figure it out.

First here is the code that I get the ip with

$ip = ($_SERVER['HTTP_X_FORWARDED_FOR'])
    ?  $_SERVER['HTTP_X_FORWARDED_FOR']
    :  $_SERVER['REMOTE_ADDR'];

This is a sample of the $ip output after that line
$ip = "216.86.152.216";

When an ip is blocked it is added to a table in the database. When the page is accessed it checks for the ip output from the above line against what is in the table.

$query=mysql_query("SELECT * FROM bans WHERE banip LIKE '%$ip%'", $c);
$count=mysql_num_rows($query);
mysql_free_result($query);

if($count == 1)
{
	die("<b><font color=red size=+1>Your IP has been banned, there is no way around this.</font></b></body></html>");
}

Now here is my problem, for instance if 216.86.152.216 is a banned ip and they have a dynamic ip their next access may be 216.86.152.153. How can I ban the range of an ip without having to redo the input to the db. Is there a way to do it when the ip is checked against the db? For example when I ban 216.86.152.216, I want it to ban all ip's 216.86.152.XXX

 

[Barrucadu]

Edit: Oh, I just saw you said without re-doing the db. Ah well...

There is probably a better way than this:

$remoteAddr = ($_SERVER['HTTP_X_FORWARDED_FOR']) 
    ?  $_SERVER['HTTP_X_FORWARDED_FOR'] 
    :  $_SERVER['REMOTE_ADDR'];
$ipBits = explode('.', $remoteAddr);
$ipBits[3] = '*';
$ip = implode('.', $ipBits);

That should output something like "216.86.152.*"

 

[jabba_29]

There will most definitely be tidier ways of doing this, but

<?php
$ip = '216.86.152.216';
$ex   = explode( ".", $ip );
$last = end( $ex );
$ip = str_replace($last .'.', '', $ip);
// do query for IP

 

[champ_rock]

any way to do that without using any databases? like using a text file to list all the ip addresses that u need blocking..?

 

[jabba_29]

Of course.

If you use file() you can open a text file as an array.
Using in_array from there should do the trick.

What exactly do you need to know?
What is your coding level?...

Do you need to know how to write the files or have you got something concrete already?

 

[champ_rock]

Of course.

If you use file() you can open a text file as an array.
Using in_array from there should do the trick.

What exactly do you need to know?
What is your coding level?...

Do you need to know how to write the files or have you got something concrete already?

my coding level is less than a Noob. i know about arrays, file(), foreach and some others.

can u please give me a proper code which i can insert in my already existing php files and use a text file to list out all the ip addresses that i need banned?

 

[-NC-]

$ipBits = explode('.', $remoteAddr);
$ipBits[3] = '*';
$ip = implode('.', $ipBits);

To make the query LIKE statement work, it might need to be:

$ipBits = explode('.', $remoteAddr);
$ipBits[3] = '';
$ip = implode('.', $ipBits);

(no * in second line)



BTW Twizted, you could probably go a bit easier on your DB by doing:

banip LIKE '$ip%'"

(No percent sign at the start)

This assumes your `banip` field contains only a single IP, with no whitespace.

 

[monaco]

Why do you want to do this in PHP? Why not just use the .htaccess file to prevent access from certain IP blocks? That way you don't need to waste server resources handling the request and passing it to PHP, since it's handled by the httpd.

 

[TwiztedFake]

To make the query LIKE statement work, it might need to be:

$ipBits = explode('.', $remoteAddr);
$ipBits[3] = '';
$ip = implode('.', $ipBits);

(no * in second line)



BTW Twizted, you could probably go a bit easier on your DB by doing:

banip LIKE '$ip%'"

(No percent sign at the start)

This assumes your `banip` field contains only a single IP, with no whitespace.

Yes a single ip is stored per entry to the db.

Why do you want to do this in PHP? Why not just use the .htaccess file to prevent access from certain IP blocks? That way you don't need to waste server resources handling the request and passing it to PHP, since it's handled by the httpd.

Well some of the blocks are done with .htaccess, some are done via php. The reason for this is that this is used on an rpg game, Permant blocks are done through .htaccess, the ones that are done through php are timed blocks, that are reset by a cron job based on the time frame the ban was set for.

 

[champ_rock]

well in my case i use a Centos VPS and it does not seem to take any command from the .htaccess file.. it does not even redirect www. to the root of my site

therefore without .htaccess working i think php is the only way i can achieve it

 

[jerometan]

You can install APF Firewall.

Just get your application to execute "apf -d IP.IP.IP.0/24".
Will block the whole range of IP.IP.IP.*

 

[champ_rock]

please tell me what command should i write in YUM to install apf firewall?

 

[Camron]

please tell me what command should i write in YUM to install apf firewall?

As far as I know there is no current way to install apf via the yum tool. You can use this reference, it's quite easy to install actually:

http://www.webhostgear.com/61.html