subscribe via rss subscribe via mail subscribe via twitter

How To Block Multiple IP Addresses Using PHP

Posted in PHP, October 20th, 2009 and has 19 comments

MOVED: How To Block Multiple IP Addresses Using PHP

Author

Mohamed Amine is a university student. He lives in Algeria, Algiers. He is interested in PHP, jQuery, and Css. He likes to play Bowling and Pool. You can follow him on Twitter and Facebook.

What's next? Help us to share this.

Comments

Want to show an avatar next to your comments? Join Gravatar.
  • G Mali said:

    nice idea…but wouldn’t the hackers just change locations??? lol

  • @G Mali
    Yes, that is true. This isn’t the right solution for big projects but it can be useful in a multi-membership system with cookies. I guess you would like to read about http://en.wikipedia.org/wiki/Iptables

  • Slyy said:

    Why using array_search when in_array is enough?
    You don’t want to retrieve the corresponding key for further work, you just want to know if the current IP is IN the blacklisted array…

  • @Slyy
    Yes, that is right. at the beginning i was planning to make the output like that.

    echo "YOUR IP " . $status . " HAS BEEN BANNED.";
    

    but eventually I figured out that i can just call the $visitorIp instead of $status. Thanks for the notice. but it works with both ways.

  • revive said:

    Great post! I implemented it, but for some reason it wasn’t catching any IPs (tested by blocking my own and echo’ing it in the page).. so, I changed the getUserIp function to this:

    	function getUserIP()
    	    {
    	        $alt_ip = $_SERVER['REMOTE_ADDR'];
    
    	        if (isset($_SERVER['HTTP_CLIENT_IP']))
    	        {
    	            $alt_ip = $_SERVER['HTTP_CLIENT_IP'];
    	        }
    	        else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches))
    	        {
    	            // make sure we dont pick up an internal IP defined by RFC1918
    	            foreach ($matches[0] AS $ip)
    	            {
    	                if (!preg_match("#^(10|172\.16|192\.168)\.#", $ip))
    	                {
    	                    $alt_ip = $ip;
    	                    break;
    	                }
    	            }
    	        }
    	        else if (isset($_SERVER['HTTP_FROM']))
    	        {
    	            $alt_ip = $_SERVER['HTTP_FROM'];
    	        }
    
    	        return $alt_ip;
    	    }
    

    and it works great !!

    Thanks again.

  • Thank you so much revive! (:

  • Hey! Can I submit this post to my website? It’s very nice post, I’d like to share it with others:)

  • Yes, sure thing (:
    As long as you point to the source.

  • Saw13 said:

    Thanks , that helped me :)

  • Altered it a bit (view below) to function to block out not just single IPs, but blocks of IPs… really simple change, works on the same basis. (in this example I used it to stop some blocks of Chinese IPs that were spamming our Joomla site with junk users)

  • PS Thanks for the code!

    (oops the code I added wasn’t visible last time)

    $denied_ips = array(
                '222.186.2',
                '60.169.78',
                '61.160.232'
            );
     
    function getUserIP()
    {
        //check ip from share internet
        if (!empty($_SERVER['HTTP_CLIENT_IP']))
        {
          $ip=$_SERVER['HTTP_CLIENT_IP'];
        }
        //to check ip is pass from proxy
        elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
        {
          $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
        }
        else
        {
          $ip=$_SERVER['REMOTE_ADDR'];
        }
        return $ip;
    }
     
    $visitorIp = getUserIP();
    
    foreach($denied_ips as $dip){
    	if(stristr($$visitorIP,$dip)){
    		echo "YOUR IP HAS BEEN BANNED.";
        exit;
    }
    }
    
    
  • faiyaz said:

    kindly send me a code for checking blacklisted ip using post or get method

  • Ubbe said:

    Finally, a way to fight the senseless WebSense bots! hurray
    Last i checked, 208.80.194.*

  • Adam said:

    very very thanks – it works and it’s very easy to “install”

    it helped me :)

  • bcb said:

    the post from Joel Urbina above which shows how to block blocks of IP addresses is good, but there were some typos when calling a variable and one more which I have corrected below.

  • bcbbcb said:

    Here is the post again… I think I got the tags right to post code this time.

    
    <?php
    $denied_ips = array(
                '222.186.2',
                '60.169.78',
                '61.160.232'
            );
      
    function getUserIP()
    {
        //check ip from share internet
        if (!empty($_SERVER['HTTP_CLIENT_IP']))
        {
          $ip=$_SERVER['HTTP_CLIENT_IP'];
        }
        //to check ip is pass from proxy
        elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
        {
          $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
        }
        else
        {
          $ip=$_SERVER['REMOTE_ADDR'];
        }
        return $ip;
    }
      
    $visitorIp = getUserIP();
     
    foreach($denied_ips as $dip){
        if(stristr($visitorIp,$dip)){
            echo "YOUR IP HAS BEEN BANNED.";
        exit;
    }
    }
    
    ?>
    
    
  • bcbbcb said:

    Can someone post code for using a text file as the input source. I have tried the brief description above and I have not been able to get it to work… not sure why so if anyone has a sample please post it!

    Thanks

Follow Discussion

Trackbacks