Comments on: How To Block Multiple IP Addresses Using PHP

By: revive

revive — Thu, 03 Dec 2009 08:31:55 +0000

Great post! I implemented it, but for some reason it wasn’t catching any IPs (tested by blocking my own and echo’ing it in the page).. so, I changed the getUserIp function to this:

function getUserIP()
{
$alt_ip = $_SERVER['REMOTE_ADDR'];

if (isset($_SERVER['HTTP_CLIENT_IP']))
{
$alt_ip = $_SERVER['HTTP_CLIENT_IP'];
}
else if (isset($_SERVER['HTTP_X_FORWARDED_FOR']) AND preg_match_all(‘#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s’, $_SERVER['HTTP_X_FORWARDED_FOR'], $matches))
{
// make sure we dont pick up an internal IP defined by RFC1918
foreach ($matches[0] AS $ip)
{
if (!preg_match(“#^(10|172\.16|192\.168)\.#”, $ip))
{
$alt_ip = $ip;
break;
}
}
}
else if (isset($_SERVER['HTTP_FROM']))
{
$alt_ip = $_SERVER['HTTP_FROM'];
}

return $alt_ip;
}

and it works great !!

Thanks again.

By: Favorites from the Feeds #08 « Blogoholics Anonymous

Favorites from the Feeds #08 « Blogoholics Anonymous — Wed, 04 Nov 2009 22:26:55 +0000

[...] 9. How To Block Multiple IP Addresses Using PHP [...]

By: Mohamed Amine

Mohamed Amine — Mon, 26 Oct 2009 10:15:17 +0000

@Slyy
Yes, that is right. at the beginning i was planning to make the output like that.

echo "YOUR IP " . $status . " HAS BEEN BANNED.";

but eventually I figured out that i can just call the $visitorIp instead of $status. Thanks for the notice. but it works with both ways.

By: Slyy

Slyy — Mon, 26 Oct 2009 09:47:37 +0000

Why using array_search when in_array is enough?
You don’t want to retrieve the corresponding key for further work, you just want to know if the current IP is IN the blacklisted array…

By: Mohamed Amine

Mohamed Amine — Sun, 25 Oct 2009 12:10:29 +0000

@G Mali
Yes, that is true. This isn’t the right solution for big projects but it can be useful in a multi-membership system with cookies. I guess you would like to read about http://en.wikipedia.org/wiki/Iptables