开发者

Blacklisting IP Address

<?php if($_SERVER['REMOTE_ADDR'] != 'xx.xx.xx.xx') 开发者_Python百科{ 
header("Location: http://google.com");
} ?> 

Is this a good way to block certain IP addresses from accessing some folders on my windows server ?

Or it can be intercepted with proxy softwares like webscarab and the originating IP address could be modified to bypass this ?


It can bypassed with any proxy with has a different IP address to the one you are blocking. You could check X-Forwarded-For (dig it out with apache_request_headers() if you are using Apache), but this is much easier to spoof if you give it precedence over $_SERVER['REMOTE_ADDR'].

Also, I could ignore your Location header. Put an exit after it as well.


If your are want only blocking by IP you can use .htaccess for that - it's more easy to set rule for set of directories instead of creating a lot of php files. But it's not a good method for filter users. Create a simple registration form, or use API from twitter, facebook or another.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜