I need to access a site only from a specific IP address.
Is that possible using PHP.
The project is under development and some people used that and say "The site is not good". So
i like to avoid that kind of things. That's why i need this solutin.
try this:
if ($_SERVER['REMOTE_ADDR'] == "x.x.x.x")
echo "admin";
else
echo "user";
it checks the ip of user and do the action.
I would suggest to use a .htaccess file instead of adding this to your php-code:
RewriteEngine On
RewriteBase /
# IPs that are still allowed to view everything
RewriteCond %{REMOTE_ADDR} !^213.123.39.12$ [NC]
RewriteRule !^(noentry_image.jpg|favicon.ico)$ sorry_stay_out.html [L]
just put the ".htaccess" file into your root-dir of your website. Then everybody will be redirected to the sorry_stay_out.html page, that contains the noentry_image.jpg.
All visitors from the IP that is allowed will see the site as normal. You can repeat the line "RewriteCond %{REMOTE_ADDR} !^213.123.39.12$ [NC]" with different IPs as often as you want, to add additional IPs.
Alternative with just blocking:
order allow,deny
allow from 62.57.16.192
allow from 72.232.56.154
deny from all
You can use $_SERVER variables to check if the source is from the IP you're limiting to. Here are some useful function snippets ($s is just $_SERVER):
function gethostname($ip){
return gethostbyaddr($ip);}
function gethostnamepretty($ip){
$host=gethostbyaddr($ip);
$host=explode('.',$host);
$max=count($host);
return $host[$max - 2];}
function getRawRealIP($s){
if (!empty($s['HTTP_CLIENT_IP'])) //check ip from share internet
{
$ip=$s['HTTP_CLIENT_IP'];
}
elseif (!empty($s['HTTP_X_FORWARDED_FOR'])) //to check ip is pass from proxy
{
$ip=$s['HTTP_X_FORWARDED_FOR'];
}
else
{
$ip=$s['REMOTE_ADDR'];
}
return $ip;}
function checkIP($ip){
return long2ip(ip2long($ip));}
function useragent($s){
return $s['HTTP_USER_AGENT'];}
Related
I have an ip list file for my country, as like this (txt document):
45.123.116.0/22
5.2.80.0/21
5.11.128.0/17
5.23.120.0/21
5.24.0.0/14
etc
i have two question about that.
1- can i forward the user, if he is in that list via .htaccess file? (if he is, use this adress.. if not this adress)
2- how can i check 'if the user is in my country' via PHP? i mean, how can i say something like that..
if (strstr('list.txt',$_SERVER['REMOTE_ADDR']))
*1).htaccess file
The visitor blocking facilities offered by the Apache Web Server enable us to deny access to specific visitors, or allow access to specific visitors. This is extremely useful for blocking unwanted visitors, or to only allow the web site owner access to certain sections of the web site, such as an administration*
ErrorDocument 403 /specific_page.html
area.*
order allow,deny
deny from 255.0.0.0
deny from 123.45.6.
allow from all
When using the "Order Allow,Deny" directive the requests must match either Allow or Deny, if neither is met, the request is denied.
doc 1)http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order
doc 2)http://www.htaccess-guide.com/deny-visitors-by-ip-address/
2) Proof of Concept (can't say this works as is....)
$current_ip = $_SERVER['REMOTE_ADDR'];
$valid_ip = false;
// Convert IPs to Regex
foreach($cfg['ipallowed'] as $index=>$ip);
{
$ip = str_replace('.', '\\.', $ip);
$ip = str_replace('*', '[0-9]|^1?\\d\\d$|2[0-4]\\d|25[0-5]');
if (preg_match($ip, $current_ip)
{
$valid_up = true;
break;
}
}
if ($valid_ip)
1; you can redirect by IP to a holding page:
# Redirect a user to /specific_page.html based on their IP address.
RewriteCond %{REMOTE_ADDR} ^10\.0\.0\.2$ [OR]
RewriteCond %{REMOTE_ADDR} ^127\.0\.0\.2$
RewriteCond %{REQUEST_URI} !specific_page\.html$
RewriteCond %{REQUEST_URI} !\.(js|png|gif|jpg|css)$
RewriteRule ^ /specific_page.html [R=302,L]
2; see this question/answer which recommends using http://www.hostip.info/use.html.
I have several folders within my web server.
Each folder contains php / html files. In total there is around 40 files.
Using php I can determine the identity of the user who is currently logged in.
Is it possible to allow users to only access specific pages, based on who they are logged in as ?
I was wondering if .htaccess would allow this ? Or if there is a better way ?
I don't really want to start having to create a user / password authentication script.
Thanks
Using sessions, you can create user levels and restrict access to various areas by assigning user levels to SESSION variables. Presumably, since, quote Using php I can determine the identity of the user who is currently logged in., you have the ability to set up session variables. I believe this is known as role based access control - In it's very simplest form
if ($_SESSION['user_level'] == "Administrator") {
# do something
}
This article may help further
You could do something like this in your .htaccess:
RewriteEngine On
RewriteBase /
RewriteRule ^(.+?\.php)$ index.php?p=$1 [L,QSA,NC]
This will redirect all users trying to view a PHP page to index.php?p=someurl.php
Then in your index.php you can determine if the user has permission to view to file and if they do serve it, if not deny it.
if ( authorized() ) {
// show file
} else {
die("Not Authorized to Access this File.");
}
You can't directly access SESSIONs from .htaccess rules, but you can try a workaround if you're not willing to code.
Inside your authorizing code section, in the last lines after creating session, add a touch() to create a file name of current user session id:
touch("./folder/logged/PHPSESSID_".session_id());
Then within your .htaccess file try to validate if current PHPSESSID related file is created before:
RewriteCond %{HTTP_COOKIE} PHPSESSID=(\w+)
RewriteCond %{DOCUMENT_ROOT}/folder/logged/PHPSESSID_%1 -f
RewriteRule ^(.*)$ $1
RewriteRule .* /users/login [L]
* Also note that you should create a simple script to check if created files are valid anymore, if not then remove them.
* It's just an idea!
i am running a website and my website root directory have .htaccess and index.php, now i want to redirect all user's/traffic to "Under-Construction.php" page except my ip address.
i.e
www.example.com redirect to "www.example.com/under-construction/under-construction.php"
except my ip address.
How can do this with .htaccess.
How can do this with index.php.
example: if $_SERVER['REMOTE_ADDR'] is 123.123.123 redirect index.php else redirect "www.example.com/under-construction/under-construction.php"
Regards.
Like this with php. Put the code at the top of index.php.
if (!in_array(#$_SERVER['REMOTE_ADDR'], array('127.0.0.1', '123.123.123.123')))
{
header('Location: http://www.example.com/under-construction/under-construction.php');
exit;
}
I tested this on my server:
<?php
// echo $_SERVER['REMOTE_ADDR'];
// For proof of concept
if($_SERVER['REMOTE_ADDR'] == "123.123.123.123") {
header( 'Location: http://www.google.com/' ) ;
}
?>
(Obviously that's not my ip ;)
Just as a side note, this may not be the best way to filter incoming clients, especially if you don't have a static ip address that you'll be requesting from. Perhaps set a cookie on your machine that tells the site who you are? Or add a $_GET parameter i.e. if $_GET['dev'] == true then redirect.
Use this .htaccess code
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^\/index.php$
RewriteCond %{REMOTE_ADDR} !^127.0.0.1$ # replace 127.0.0.1 with your IP address
RewriteRule ^ http://www.example.com/under-construction/under-construction.php
</IfModule>
Note: Replace 127.0.0.1 with your IP address
I am trying to block the website to be viewed as not exist from certain region. Is this possible?
I know we can just put a die() and a blank page will be shown, but is there a way to make it seen like this domain does not exist?
You can use the geoip mod for apache ( http://www.maxmind.com/app/mod_geoip ). Mod_rewrite rules can then determine how to handle the page.
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^CA$
RewriteRule ^(.*)$ http://www.america.com$1 [F]
The F forbids page access
No, unless you have the DNS server for that domain under your control. Which you usually don't for domains like domain.tld, you can only adjust the content based on the clients ip - for example you can just serve an empty page as you suggested. But it is still possible to query the domain with tools like nslookup.
If you don't have access to the DNS server, you can add .htaccess rule to ban people from specific ipaddresses. Following are some sample .htaccess rules
order allow,deny
deny from 123.456.789.012 #block the visitors from the specific ipaddress 123.456.789.012
deny from 123.456.789. #blocks the visitors from all ip within the range 123.456.789.xxx (i.e. 123.456.789.000 – 123.456.789.255)
deny from 123.456. #blocks the visitors from all ip within the range 123.456.xxx.xxx
deny from 123. #blocks the visitors from all ip within the range 123.xxx.xxx.xxx
allow from all #allow from all other.
<?php
if (getenv(HTTP_X_FORWARDED_FOR)) {
$pipaddress = getenv(HTTP_X_FORWARDED_FOR);
$ipaddress = getenv(REMOTE_ADDR);
echo "Your Proxy IPaddress is : ".$pipaddress. "(via $ipaddress)" ;
} else {
$ipaddress = getenv(REMOTE_ADDR);
echo "Your IP address is : $ipaddress";
}
?>
This code u can use to get ip address of visitor...
To detect region you'll need some free api..Try this..
This Api can also be used..
The second one is really easy to use..
<A HREF="http://www.hostip.info">
<IMG SRC="http://api.hostip.info/flag.php?ip=12.215.42.19" ALT="IP Address Lookup">
</A>
I'm trying to match subdomains to a customer id in symfony.
i.e. i have customer1.example.com and customer2.example.com
Domains are stored in a table.
When a user goes to customer1.example.com, I would like to get the subdomain, look up the domain name in the database, once matched, it will then deploy the app config for that customer and then store the customer_Id in a global attribute so i know exactly which customer I'm dealing with througout the whole application. The virtual host will have the relevant wildcard servername.
Have you managed to achieve this, and if so, how? If not, any ideas would be a great help!
I'm thinking about using a filter to do it.
:-)
also going to be needing yo set your domain as a wildcard domain, if not you going to need to create manually each subdomain per client.
another solution that is not so symphony dependent is using a .htaccess
<IfModule mod_rewrite.c>
Options +FollowSymLinks
Options +Indexes
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !www.domain.com$ [NC]
RewriteCond %{HTTP_HOST} ^(www.)?([a-z0-9-]+).domain.com [NC]
RewriteRule (.*) $1?sub=%2&page=$1&domain=%{HTTP_HOST} [QSA,L]
<IfModule>
that code basically will send to the requested page the subdomain, the domain and the page requested. then in php you can check if it is equal to your client username. and allow you also to use parked domains for your clients at the same time.
i hope it helps.
Take a look at sfDomainRoutePlugin - it does what you want. However, in its current version you don't get the Propel or DoctrineRoute functionality, which means you must manually lookup the customer based on the subdomain parameter returned from the plugin. Example:
app/frontend/config/routing.yml
# pick up the homepage
homepage:
url: /
class: sfDomainRoute
param: { module: homepage, action: index }
requirements:
sf_host: [www.example.com, example.com]
# catch subdomains for customers
customer_subdomain:
url: /
class: sfDomainRoute
param: { module: customer, action: index }
app/frontend/modules/customer/actions.class.php
public function executeIndex(sfWebRequest $request)
{
// get the subdomain parameter
$this->subdomain = $request->getParameter('subdomain');
// retrieve customer (you have to create the retrieveBySubdomain method)
$this->customer = CustomerPeer::retrieveBySubdomain($this->subdomain);
}
This is just an example, but I use a similar approach myself, and the plugin does what is advertised. Good luck.
If you're adventurous, yuo could take a look at Chapter 2 in the "More with symfony book". This would help you understand the code in sfDomainRoutePlugin.
Because you want to load different app, filter won't help. Just use the frontcontroller (index.php) to extract the subdomain, and if the app directory exists, load the app (else 404). You can even store the id in app configuration.
I'm doing something similar. Note, I haven't tried this exact setup.
$tokens = explode('.', $_SERVER['SERVER_NAME'], 2);
$app = $tokens[0] == 'www' ? 'default' : $tokens[0]; //assumes you aren't allowing www.app.example.com, change if you are
try
{
$appConfiguration = ProjectConfiguration::getApplicationConfiguration($app, 'prod', false);
}
catch(InvalidArgumentException $e) //thrown if app doesn't exist
{
$fallbackConfiguration = ProjectConfiguration::getApplicationConfiguration('default', 'prod', false);
$context = sfContext::createInstance($fallbackConfiguration);
$request = $context->getRequest();
$request->setParameter('module', 'default'); //set what route you want an invalid app to go to here
$request->setParameter('action', 'invalidApplication');
$context->dispatch();
}
if (isset($appConfiguration))
{
sfContext::createInstance($appConfiguration)->dispatch();
}