开发者

restrict codeigniter admin panel ip address

问答 作者:

hi friends i want开发者_如何学C to restrict ip address for my codeignter php website backend at office only for security reason. any advice if someone has already done it ?

An alternative to using .htaccess, you can also restrict the access from PHP (although .htaccess solution is more robust):

$your_ip_address='123.123.123.123'; //change it to yours
if (!isset($_SERVER['REMOTE_ADDR']) || $_SERVER['REMOTE_ADDR'] != $your_ip_address) {
   exit();
}

Locate the index.php in the webroot folder, add the above codes to the top of the file.

Hope this helps.

If you are using Apache, you could use a .htaccess file like..

order deny, allow
deny from all
allow from 111.222.333.444

Create a file .htaccess in the directory you want to protect and place the above inside.

http://httpd.apache.org/docs/current/howto/htaccess.html

I did this by following salah's post in this thread: http://codeigniter.com/forums/viewthread/141775/

Basically, you create a folder called admin/ , copy the main CI index.php to it, and adjust.

Then, add a .htaccess to that folder. For my application, I only needed AuthType, but IP allow/deny should work fine as well.

I was using CI 1.7.2 at the time.

Simple Way to do this

$current_ip = $this->input->ip_address();
$your_ip_address='127.0.0.1';

if($current_ip == $your_ip_address){
    echo 'something is wrong';
    exit();
}

I had to share my code for doing it, in case you are behind a CDN, and you want to use allow multiple IPS:

/**
 * return array value in key in case it exists and has value
 * @param array $arr
 * @param $key
 * @return bool|mixed
 */
function is($arr = array(), $key){
    if(isset($arr[$key]) && $arr[$key]){
        return $arr[$key];
    }
    return false;
}

/**
 * this function return the actual client IP in case it is behind CDN
 * @return string
 */
function getClientIp() {
    $ipAddress = '';
    if (is($_SERVER, 'HTTP_CLIENT_IP')) {
        $ipAddress = $_SERVER['HTTP_CLIENT_IP'];
    } else if (is($_SERVER, 'HTTP_X_FORWARDED_FOR')) {
        $ipAddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else if (is($_SERVER, 'HTTP_X_FORWARDED')) {
        $ipAddress = $_SERVER['HTTP_X_FORWARDED'];
    } else if (is($_SERVER, 'HTTP_FORWARDED_FOR')) {
        $ipAddress = $_SERVER['HTTP_FORWARDED_FOR'];
    } else if (is($_SERVER, 'HTTP_FORWARDED')) {
        $ipAddress = $_SERVER['HTTP_FORWARDED'];
    } else if (is($_SERVER, 'REMOTE_ADDR')) {
        $ipAddress = $_SERVER['REMOTE_ADDR'];
    } else {
        $ipAddress = 'UNKNOWN';
    }

    return $ipAddress;
}

/**
 * Allowed IPS
 */
$allowedIPSArr = array(
    '127.0.0.1',
    '127.0.0.2',
);

if(!in_array(getClientIp(),$allowedIPSArr, true)){
// You might want to do some redirect here
    die();
}

继续阅读:codeigniter

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9