How To Block Multiple IP Addresses Using PHP

Sometimes you need to block a visitor from accessing your website. The most common reason for this is spammers. There are several other ways to block multiple IP addresses, such as Apache's mod_rewrite, which I am going to write about soon, but today I am going to focus on the PHP method.

Now, let's start the code from the beginning.

Step One: Adding The IPs

<?php
// The blacklisted IPs.
$denied_ips = array(
    '123.456.789.1',
    '127.0.0.1',
    '67.220.200.75'
);

I opened a PHP tag and then created a variable named $denied_ips that contains an array of the 3 assigned values, which are the IPs we are dealing with. You may also want to use an external file rather than opening this PHP file every time you want to edit the IPs. It's easy: just create a new file, name it "blacklist.txt" or whatever, and put the IPs that you want to disallow in it. The other thing you have to do is change the code to this.

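// The blacklisted IPs, one per line in the external file.
// FILE_IGNORE_NEW_LINES strips the trailing newline from each entry; without it
// no entry would ever equal the visitor's IP. Empty lines are skipped.
$denied_ips = file('blacklist.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);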

Step Two: Getting The Visitor’s IP

// Function to get the visitor's IP.
function getUserIP()
{
    // Check for an IP reported through a shared internet connection.
    if (!empty($_SERVER['HTTP_CLIENT_IP']))
    {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    }
    // Check whether the IP was passed on by a proxy.
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
    {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
    {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}

// The user's IP
$visitorIp = getUserIP();

This is the function we are going to use to get the IP of the visitor. Some people just like to use $_SERVER['REMOTE_ADDR'], which is fine, but I believe by this method we will get more accurate data. I have also assigned the return value of getUserIP() to the variable $visitorIp.

Edit: Using $_SERVER['HTTP_X_FORWARDED_FOR'] to detect the IP could be useless sometimes. It can even be a reason a blocked visitor is granted access, because the header is sent by the client and can be modified. So you can just use:

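// Function to get the visitor's IP.
function getUserIP()
{
    // Check for an IP reported through a shared internet connection.
    // Note: HTTP_CLIENT_IP also comes from a request header (Client-IP), so it
    // is only reliable when a proxy you control sets it.
    if (!empty($_SERVER['HTTP_CLIENT_IP']))
    {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    }
    else
    {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}

// The user's IP
$visitorIp = getUserIP();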

Step Three: Matching The IPs

// Now let's search whether this IP is blacklisted.
$status = array_search($visitorIp, $denied_ips);

// array_search returns the matching key, or false when there is no match.
// The key can be 0, so compare against false with !==.
if ($status !== false)
{
    echo "YOUR IP HAS BEEN BANNED.";
    // header("Location: http://zombo.com");
    exit;
}

In the code above, the function array_search searches the array for a given value and returns the corresponding key if successful. So the variable $status holds either that key or false when the IP is not in the list. If it is not false, the program stops and prints "YOUR IP HAS BEEN BANNED". Otherwise the script works normally. The redirection to zombo.com is just for irony.

The Complete Code

<?php
// The blacklisted ips.
$denied_ips = array(
    '123.456.789.1',
    '127.0.0.1',
    '67.220.200.75'
);

// The function to get the visitor's IP.
function getUserIP()
{
    // Check for an IP reported through a shared internet connection.
    if (!empty($_SERVER['HTTP_CLIENT_IP']))
    {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    }
    // Check whether the IP was passed on by a proxy.
    // See the edit in Step Two: this header can be modified by the visitor.
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
    {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
    {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}

// The user's IP
$visitorIp = getUserIP();

// Now let's search whether this IP is blacklisted.
$status = array_search($visitorIp, $denied_ips);

// array_search returns the matching key, or false when there is no match.
// The key can be 0, so compare against false with !==.
if ($status !== false)
{
    echo "YOUR IP HAS BEEN BANNED.";
    // header("Location: http://zombo.com");
    exit;
}
?>
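
A hardened variant of the three steps above, added here as an example and not the author's code. It assumes a hypothetical TRUSTED_PROXIES list, constructed sample addresses, and a proxy that appends the connecting peer's address as the last X-Forwarded-For entry.

```php
<?php
// Added example. TRUSTED_PROXIES and all sample addresses are constructed.
const TRUSTED_PROXIES = ['10.0.0.5'];

// Parse blacklist text: one IP per line, blank lines and "#" comments skipped.
function parseBlacklist(string $text): array
{
    $ips = [];
    foreach (preg_split('/\R/', $text) as $line) {
        $line = trim($line);
        // Entries that are not valid addresses (e.g. 123.456.789.1) are dropped.
        if ($line === '' || $line[0] === '#' || filter_var($line, FILTER_VALIDATE_IP) === false) {
            continue;
        }
        // Store the packed form so equivalent IPv6 spellings compare equal.
        $ips[] = inet_pton($line);
    }
    return $ips;
}

// REMOTE_ADDR is the TCP peer and is not taken from a request header.
// X-Forwarded-For is read only when that peer is one of our own proxies,
// and then only its last entry, the one our proxy appended.
function clientIp(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (in_array($peer, TRUSTED_PROXIES, true) && !empty($server['HTTP_X_FORWARDED_FOR'])) {
        $hops = explode(',', $server['HTTP_X_FORWARDED_FOR']);
        $last = trim(end($hops));
        if (filter_var($last, FILTER_VALIDATE_IP) !== false) {
            return $last;
        }
    }
    return $peer;
}

function isDenied(array $server, array $denied): bool
{
    $ip = clientIp($server);
    return filter_var($ip, FILTER_VALIDATE_IP) !== false
        && in_array(inet_pton($ip), $denied, true);
}

// Constructed sample data.
$denied  = parseBlacklist("# spammers\n67.220.200.75\n\n123.456.789.1\n203.0.113.9\r\n");
$direct  = ['REMOTE_ADDR' => '67.220.200.75', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'];
$proxied = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1, 203.0.113.9'];
var_dump(isDenied($direct, $denied));  // header ignored: the peer is not a trusted proxy
var_dump(isDenied($proxied, $denied)); // decision uses the hop appended by the trusted proxy
```

In a real page, pass $_SERVER to isDenied() and load the list with file_get_contents() on the blacklist file.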

Conclusion

Even though this is mostly used to block IPs from a particular website, it can be used for other ideas, such as verifying that a user has only one account, and so on. I hope you enjoyed this tutorial, and thanks for reading. If you have anything to say, please leave it in the comments section below.

 
