Ban ip range from viewing website

Networking/Security Forums -> Programming and More

Author: DaMonster PostPosted: Wed Sep 11, 2002 2:36 pm    Post subject: Ban ip range from viewing website
    ----
Hello,
i was wondering about...how can i ban an ip or ip range from viewing my website
if is there a way...let me know please...
Thanks

Author: chrisLocation: ~/security-forums PostPosted: Wed Sep 11, 2002 2:41 pm    Post subject:
    ----
Depends on the http server, is it IIS or apache?

In IIS, do properties on the virtual server then
directory security

On here is an Ip security tab

By default all users will be allowed except:

banned.users.ip.here

In linux you could add them to /etc/hosts.deny Smile

Author: chrisLocation: ~/security-forums PostPosted: Wed Sep 11, 2002 2:42 pm    Post subject:
    ----
just realised this was posted in a programming forum Smile

So you want to block an IP with code? what code?

Would be better to do it at server level though

Author: WombatLocation: Canberra PostPosted: Thu Sep 12, 2002 12:48 am    Post subject:
    ----
I just found some info about this in Webmaster World:

http://www.webmasterworld.com/forum23/969.htm

Author: werem00seLocation: U.S.A (west) PostPosted: Thu Sep 12, 2002 1:31 am    Post subject:
    ----
Heck, do it at the firewall...If the firewall is *smart enough, you could do all sorts of goofy stuff with his connections. Redirect to loopback, your favorite pr0n page, a second *special page with lots of misinformation...blah blah...

Author: Jason PostPosted: Sat Oct 12, 2002 1:09 pm    Post subject:
    ----
If you are using coldfusion, you can add the following block of code to the top of the page. if the users ip address is the same as the blocked one, the page stops processing and returns a permissions notice.

Code:

<cfif CGI.REMOTE_ADDR eq "192.168.0.33">
<font face="arial" size="3" color="red">Access Denied</font>
<cfabort>
</cfif>


where 192.168.0.33 is the ip address you wish to block from seeing the page.

NOTE: this is not very secure, as the user of that ip address could bounce through a proxy to conceal his ip. a better way is below:

Code:

<cfif CGI.REMOTE_ADDR NEQ "192.168.0.33">
<font face="arial" size="3" color="red">Access Denied</font>
<cfabort>
</cfif>


ie, this time you deny access to the page from all but one ip address.

if you wish to only give access to a few hosts, it is possible to store their ip addresses in a database table, checking the IP address against those in the DB each time the page is accessed.

Code:

<cfquery name="checkip" datasource="mydsn">
select IPADDR from allowed where ipaddr = #cgi.remote_addr#
</cfquery>

<cfif checkip.recordcount neq 1>
<font face="arial" size="3" color="red">Access Denied</font>
<cfabort>
</cfif>


this code checks the remote computers ip address against a list of those allowed. if the remote ip is not in the list processing stops with the access denied message.

the theory for this is simple, therefor should be easy to apply to any other web language, php, asp etc.

basically you are accessing the CGI varible REMOTE_ADDR, and checking it against your db, or a hardcoded ip.

word of caution: do your self a massive favour, dont copy and paste the code into each page. instead, dump the code into a seperate file, and include in the the page currently being processed. the reason for this, if you wish to make one change, and you have the code pasted into loads of pages, you have to go through and change each page. calling it from another file means modifying the same code only once.

coldfusion users can use the cfinclude tag:

Code:

<cfinclude template="filename.cfm">



Hope this is of some help. i have done coldfusion development for a couple of years, so if you need any help give us a shout.


J

Author: WombatLocation: Canberra PostPosted: Sun Oct 13, 2002 10:58 am    Post subject:
    ----
That's good advice jasonlambert, thanks.

If any of you haven't experienced the joys of server-side includes (SSI) yet (as jasonlambert mentioned with the cfinclude tag), I recommend you give them a go. They work with most (all?) server-side languages, only the syntax differs. Check with your host to see if they support SSI.

Basically, you can make a separate file that contains a chunk of code (e.g. HTML, ASP, JSP, anything you like). Then you can put a reference to this file in as many pages in your site as you like. The code in the file will be literally "included" in the code that gets sent from the server to the user's browser.

You should consider using SSI anywhere that you have code that is repeated across many pages in your site (e.g. for navigation). By using SSI, you only need to make changes to the one file, and your changes are then served up in all pages that use that file as an include. You'll save yourself a heap of time on site maintenance.

On a related note, you can do a similar thing with JavaScript. Use a JavaSript library file (that's just a text file with a .js extension) to hold any JavaScript that is repeated across many pages in your site. Then you "include" that file in your site's pages. Note that the "inclusion" happens client-side, not server-side. This method offers the same maintenance advantages of SSI (only one file to edit), plus the extra advantage that the code in the library file is only downloaded to the client machine once and is then held in the user's cache, so all subsequent pages using that code will load faster.



Networking/Security Forums -> Programming and More


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group