ip php blocking on single page

[freelance84]

Could somebody please point me in the right direction....

 

I want to block the US, AUS, NZ, CAN, IRE from the index.php of my site. But not the rest of the site.

 

The following site (like many others) provides a pretty neat list for the htaccess http://www.ipinfodb.com/ip_country_block.php

 

I did a test. I got the list for blocking the UK. After copying the UK list to my htaccess i couldn't view my site.

 

The thing i don't get is... my ip address was not in the list but i was still blocked,

 

The 1st 2 sets from my ip are '2.100'

 

The only ip's in the list starting with 2 are:

deny from 2.24.0.0/13

deny from 2.96.0.0/13

deny from 2.120.0.0/12

deny from 2.136.0.0/13

 

How exactly is this all working? And what's the best way of blocking the above countries from just my index.php?

 

Any links to manuals or anything here would be great...

 

 

Thank You.

 

John

[Pikachu2000]

Your IP is in the list. It falls within the 2.96.0.0/13 subnet range.

[JonnoTheDev]

I would use a data feed if you have a lot of traffic. If not a simple API lookup will do the job.

Forget maintaining your own lists. Try these guys http://www.hostip.info/use.html

[freelance84]

Your IP is in the list. It falls within the 2.96.0.0/13 subnet range.

 

How did you calculate that?

[Pikachu2000]

It comes from my Cisco Systems studies. The /13 is a subnet mask, represented in bits, so the mask would be 255.248.0.0. I convert the mask and the address to binary, and apply the mask to the address. It's difficult to explain the calculation without being able to demonstrate it, but the mask defines the network and host ranges of the address, as well as determining how many subnets are available with that particular mask.

 

At any rate, the IP address range for that subnet is 2.96.0.0 - 2.103.255.255, with the lowest address being the subnet's network address and the highest being the subnet's broadcast address.

[freelance84]

Ah ok... that sounds reasonably complex.

 

What would you suggest then:

When I use .htaccess to block the USA and a few other countries it slows the site down quite noticeably. As the site requires a username and password, the use of .htaccess to block certain countries is no good: Once the member is logged in there is no point checking what country they are from.

 

 

I thought the best way would be to use a database:

Upon load of the index.php, the 1st thing it is instructed to do is use an in_array against all the returned ip addresses in the db table. Is this going to be possible if I have to run a complex calculation of each ip address to discover the ip range?

[PFMaBiSmAd]

Here's a mysql query statement that would calculate that -

 

select inet_ntoa(inet_aton('2.96.0.0') + (pow(2, (32-13))-1));

 

[Pikachu2000]

I've never been a big fan of using .htaccess rules or anything like that for IP based decisions; that job should be the responsibility of a router/firewall. If it's the only option you have however, I guess you either have to do that, or use maybe use a "pick your country" page and store a cookie. It depends on whether you want the block to be an actual block, or just a redirect.

[freelance84]

...It depends on whether you want the block to be an actual block, or just a redirect.

 

I don't want certain countries to be able to login until I'm ready for them: So I would ideally like people from those said countries to not see the login form. As an additional check I would also run the same check on the authenticate script.

 

Here's a mysql query statement that would calculate that -

select inet_ntoa(inet_aton('2.96.0.0') + (pow(2, (32-13))-1));

 

For this query, the 2.96.0.0 is the users ip address, but should any of pow(2, (32-13))-1) change per query? Or are these numbers always fixed?

[PFMaBiSmAd]

That example is for the - 2.96.0.0/13 value and the 13 would change.

[freelance84]

Hmm.. well as i do not know the range to start with...

 

Using the INET_ATON() function i can turn the IP into a numeric value.

 

If the following numeric ip range exists in a table:

 

"47710208","48234495","UK","UNITED KINGDOM"

 

And the numeric value of an ip to test was "47722222".

 

How would I check to see if the ip to test was in this range.... what would the mysql query look like?

(i appreciate this thread could now be seen as being in the wrong section)

[PFMaBiSmAd]

You would use a BETWEEN ... AND ... comparison - http://dev.mysql.com/doc/refman/5.0/en/comparison-operators.html#operator_between

[freelance84]

ah ok....

 

That's absolutely brilliant.

 

Thanks for all your help 

[freelance84]

Ah... hang on. Still confused here...

 

"47710208","48234495","UK","UNITED KINGDOM"

And the numeric value of an ip to test was "47722222".

 

The only input i shall have at the start is the users ip address, eg: 47722222.

 

To use the 'BETWEEN min AND max' function i will need both the min and max, this would mean I would need to return all the ip's in one search, then with each returned result make a new query.

 

Is there a better way of doing this? Might i as well be placing all the numeric values from the table into one giant array in an included .php file and using in_array instead? Especially as the above way needs to return all the results into a mysql array anyway (thus taking up RAM on the server).

[PFMaBiSmAd]

<?php
$the_ip = $_SERVER['REMOTE_ADDR'];
$query = "SELECT inet_ntoa(int_ip_low) as ip_low, inet_ntoa(int_ip_high) as ip_high FROM ip WHERE inet_aton('$the_ip') BETWEEN int_ip_low AND int_ip_high";
$result = $mysqli->query($query);
if($result->num_rows){
$row = $result->fetch_assoc();
echo "Your IP: $the_ip is between {$row['ip_low']} and {$row['ip_high']}";
} else {
echo "Your IP: $the_ip was not found";
}

[freelance84]

Wow, thanks a lot!

 

That's a lot to chew on