HomeDesigning Your WebsiteHTML, CSS, and Javascript

IP Filtering

zimbabwe posted this at 18:12 — 22nd December 2001.

They have: 58 posts

Joined: May 2001

Is there a way to control who gets to a page on your site based upon IP addresses? I would like to be able to block all users who are not in my address range from getting to one of my pages.

I found how to do this in Netscape, but not in IE.

Thanks,

Zimbabwe

mmi posted this at 21:39 — 22nd December 2001.

mmi's picture

They have: 457 posts

Joined: Jan 2001

hey Zimbabwe - I'm not much help with security, but these threads might help ya some: one - two

Wil posted this at 12:19 — 23rd December 2001.

They have: 601 posts

Joined: Nov 2001

What do you mean, found out how to do it with Netscape? You mean you were using a client-side method, like Javascript? Well if so, a persistent hacker could very easily get passed your method.

Why not take advantage of server side controll files, typically named .htaccess files on *ix machines. This is a far more secure method, and makes sure that whatever browser they use the authentication happens on server level.

Be very careful with banning IP addresses, though. Make sure you research the IP address and check that it's not a proxy or a gateway IP. And make sure that the machine is not using any sort of IP rewritting. If you ban one of these IPs then that potentially blocks everyone that comes through the same IP, be it a corporate site or even an ISP (although I doubt the last one).

A simple .htaccess file might look like this:

<Directory /path/to/dir>
deny from 205.252.46.165
</Directory>
'

- wil

Mark Hensler posted this at 21:28 — 23rd December 2001.

Mark Hensler's picture

He has: 4,048 posts

Joined: Aug 2000

You can also use server-side languages to perform additional logic. You can use Apache's environmental variables to access the remote IP: REMOTE_ADDR, REMOTE_HOST

Mark Hensler
If there is no answer on Google, then there is no question.

zimbabwe posted this at 16:12 — 24th December 2001.

They have: 58 posts

Joined: May 2001

Will -

Yes, I was using javascript. This is not blocking confidential information or anything like that. I work for an ISP and we are implimenting a speed test for our customers. We don't want everyone in the world to be using up our bandwidth for this which is why I needed to block all except for a certain range of IPs.

We are running NT / 2000 servers for our web services.

Thanks,

Zimbabwe

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.