Blacklisting IP Address
<?php if($_SERVER['REMOTE_ADDR'] != 'xx.xx.xx.xx') 开发者_Python百科{
header("Location: http://google.com");
} ?>
Is this a good way to block certain IP addresses from accessing some folders on my windows server ?
Or it can be intercepted with proxy softwares like webscarab and the originating IP address could be modified to bypass this ?
It can bypassed with any proxy with has a different IP address to the one you are blocking. You could check X-Forwarded-For
(dig it out with apache_request_headers()
if you are using Apache), but this is much easier to spoof if you give it precedence over $_SERVER['REMOTE_ADDR']
.
Also, I could ignore your Location
header. Put an exit
after it as well.
If your are want only blocking by IP you can use .htaccess for that - it's more easy to set rule for set of directories instead of creating a lot of php files. But it's not a good method for filter users. Create a simple registration form, or use API from twitter, facebook or another.
精彩评论