Skip to main content

How to block user IP address from your website in PHP

how to block your website user using their ip address

blocking users from your site

There are many reasons you may need to block an IP address from visiting your website.
For example, to prevent particular users doing malicious things with your website - trying to spam your web forms, or hack your shopping cart, etc. Using PHP, you can easily find your site visitors' website addresses and based on these addresses to redirect them to specific places on your site. If you use such IP ban protection on your website, you will also need to not only list individual addresses to be blocked but also IP masks and IP ranges.
In this tutorial I would show you how you can do that.But,it would be manual.i'd talk about manual and automatic way to do it.
Let's start! First, we will create an array to list all the IP addresses that we want to block. Besides single IP addresses, we will also use IP ranges such as 216.58.197.101-216.58.197.200 and IP masks 100.88.*.*. Here is the array
<?php

$ip_block = array(
'111.65.248.132',
'216.58.197.119',
'192.168.1.100',
'192.168.1.105',
'100.88.*.*',
'122.25.100.*',
'216.58.197.101-216.58.197.200',
'98.255.255.100-98.255.255.150' );
When a visitor comes to your website you will need to find their IP address and store it in a variable. You can find out the IP address using this piece of code:
if (isset($_SERVER['HTTP_CLIENT_IP']))
{
$client_ip = $_SERVER['HTTP_CLIENT_IP'];
} else if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$client_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else if(isset($_SERVER['HTTP_X_FORWARDED'])) {
$client_ip = $_SERVER['HTTP_X_FORWARDED'];
} else
if(isset($_SERVER['HTTP_FORWARDED_FOR'])) {
$client_ip = $_SERVER['HTTP_FORWARDED_FOR'];
} else if(isset($_SERVER['HTTP_FORWARDED'])) {
$client_ip = $_SERVER['HTTP_FORWARDED'];
} else if(isset($_SERVER['REMOTE_ADDR'])) {
$client_ip = $_SERVER['REMOTE_ADDR']; }
The code above will check every possible variable which may hold information about visitor's IP address. Once it is executed, you will have visitor IP address stored in $client_ip variable. Now we will have to create a loop and match visitor's IP address against each IP address that we have in our $ip_block array. In the code below there are 3 IF cases 1) if($client_ip == $ip) - if visitor's IP addresses exactly matches the IP address defined in $ip_block array. If this is the case we set a variable $blocked to true and exit from the loop. 2) if(strpos($ip, '*') !== false) - if the blocked IP address has * or in other words if we use a mask to define the IP addresses that we need to block. If for example, you define 100.100.100.* this will block all visitors with IP addresses 100.100.100.1, 100.100.100.2, 100.100.100.3, 100.100.100...... 255. If we have to check visitors IP address against such mask we split the IP addresses by . and match each of the 4 parts of the IP address. If there is a match, then we consider the IP address to be blocked and exit the loop 3) if(strpos($ip, "-") !== false) - with the last IF case we check if the visitors IP address should be checked against IP range. In that case we convert the IP address to an integer using ip2long() function and compare that interger with the start and end IP addresses from the range.
$blocked = false;
foreach($ip_block as $ip)
{ if($client_ip == $ip)
{ $blocked = true;
break;
}else if(strpos($ip, '*') !== false){
$digits = explode(".", $ip);
$client_ip_digits = explode(".", $client_ip);
if($digits[1] == '*' && $digits[0] == $client_ip_digits[0])
{
$blocked = true;
break;
}else if($digits[2] == '*' && $digits[0] ==
$client_ip_digits[0] && $digits[1] == $client_ip_digits[1]){
$blocked = true;
break;
}else if($digits[3] == '*' && $digits[0] ==
$client_ip_digits[0] && $digits[1] == $client_ip_digits[1] && $digits[2] == $client_ip_digits[2]){
$blocked = true; break;
}
}else if(strpos($ip, "-") !== false){
list($start_ip, $end_ip) = explode("-", $ip);
$start_ip = preg_replace('/\s+/', '', $start_ip);
$end_ip = preg_replace('/\s+/', '', $end_ip);
$start_ip_long = ip2long($start_ip);
$end_ip_long = ip2long($end_ip);
if($client_ip_long >= $start_ip_long && $client_ip_long <= $end_ip_long)
{
$blocked = true;
break; }

}
}
At the end we will have a variable $blocked which if set to true means that visitors IP address is found in our list with blocked IP addresses and we should block it.
if($blocked == true)
{
header('Location: blocked-page.html');
}
You can redirect the user to another page or just print some message.
The above code is useful if you want to redirect different website visitors to different pages on your website. Using third party service you can find out location country for an IP address and knowing visitor's country to redirect them to specific language version of your website.
Now the reason why i called it a manual method is because we had to put in the users ip address manually.W hat if you had a large website running with hundred of millions of users .what would you do?? You would definitely need an automatic way to do this.A lthough i won't teach that but i can give you an idea of what you can do

Many dynamic websites that i know blocks ip addresses using rules.They write codes in their sites that helps them detects violations and the ip address of the user causing the violation is taken to a blocked user database were they are stored and blocked
Labels:

Comments

Post a Comment

Popular posts from this blog

how to create Session cookies in php

What are Session cookies Session cookies , also known as ' temporary cookies ', help websites recognise users and the information provided when they navigate through a website. Session cookies only retain information about a user's activities for as long as they are on the website. Once the web browser is closed, the cookies are deleted. These are commonly used on shopping websites or e-commerce websites.We have already talked about cookies, Learn all about cookies . Cookies are the reason Trednix.com remembers your username between visits and the reason you don’t necessarily need to log in to your Hotmail account every time you open your browser. Cookie data typically contains a short set of information regarding when you last accessed a site, an ID number, and, potentially, information about your visit. Let’s now look at the basic syntax used to create a cookie. <?php setcookie(cookie_name, cookie_value, [expiry_time], [cookie_path], [domain], [secure], [httponl...
Post a Comment
Read more

How to create a search engine

How to create a search engine I am going to teach you how we can create a search engine using Google API . You can add more styles to it ,because I'd be creating a simple looking search engine. Google Custom Search API are wonderful tools to create some awesome search engine like tools. Also if you want to add a search option to your website and customize the look and feel of your search results, Google Custom Search API serve best to you. I have created a Real Time Search engine (I call it real time as it search as you type). I am really impressed by the speed/response of Google Search API. In order to use Google Search API, you have to first generate a Key for you. Go to following page and signup your self for the Key. Sign up for Google API Key https://code.google.com/apis/ajaxsearch/signup.html Next step is to include the Google Search API javascript. Don’t forget to mention your key in the below code. <script src="http://www.google.com/jsapi?key=YOURKEY...
Post a Comment
Read more

All you need to know about web cookies

Hello guys ,we all know as a web developers we need cookies ,i am not talking about the normal cookies , I'm talking of web cookies , it's a really good cookie for us 😋.All dynamic website uses cookies in one way or the other and we would be talking about all the types of cookies websites uses. What are cookies? Cookies are small text files placed on a user’s computer (or smartphone), which are commonly used to collect personal data. Most website operators place cookies on the browser or hard drive of their user's computer. Cookies can gather information about the use of a website or enable the website to recognise the user as an existing customer when they return to the website at a later date. This file is neither a virus nor spyware. The law protects website users and lets them opt-out from the use of cookies on their website browser. What are the benefits of cookies? Cookies are used to make the user's web experience faster, convenient and personalised. ...
Post a Comment
Read more