Make it so only specified IP address can see site

[comptech520]

In PHP, how can I make it so only a specified IP address can see a website? All other users will be directed to another website?

[NogDog]

PHP Code:

<?php
$allowedIps = array(
   '1.2.3.4',
   '1.2.4.6'
);
if(!in_array($allowedIps, $_SERVER['REMOTE_ADDR']))
{
   header('Location: http://some.other.site/');
   exit;
}
?>
<!-- rest of page -->

[SrWebDeveloper]

OP: Please be informed - if the visitor comes through a proxy or firewall on their end their WAN IP might be the same as anyone else on their LAN. So you might intend to block one user but might end up blocking many sharing that IP. Plus if your filter allows wildcards to ban ranges, one typo and you could ban an entire class C, B or huge block of unintended addresses with one unnoticed typo. And even proxy servers can be used to bypass an IP ban anyway unless you implement an anti-blocking script. In short, there are a few notable potential headaches if this kind of policy is not applied sensibly and carefully.

-jim

[NogDog]

Quote:

Originally Posted by SrWebDeveloper

OP: Please be informed - if the visitor comes through a proxy or firewall on their end their WAN IP might be the same as anyone else on their LAN. So you might intend to block one user but might end up blocking many sharing that IP. Plus if your filter allows wildcards to ban ranges, one typo and you could ban an entire class C, B or huge block of unintended addresses with one unnoticed typo. And even proxy servers can be used to bypass an IP ban anyway unless you implement an anti-blocking script. In short, there are a few notable potential headaches if this kind of policy is not applied sensibly and carefully.

-jim

I was under the impression from the original post that the OP wanted to whitelist one or a small number of IPs, not blacklist a limited number or range of IP addresses.

In either case, this could also be handled at the web server level such as limiting access to a directory via a .htaccess entry (if Apache), though I'd have to do a little Googling to come up with the syntax for that.

[SrWebDeveloper]

Quote:

Originally Posted by NogDog

I was under the impression from the original post that the OP wanted to whitelist one or a small number of IPs, not blacklist a limited number or range of IP addresses.

Understood, the implications I listed work in reverse, too, i.e. you can let a whole LAN segment in if their caching proxy is bound to a single IP, for example. The main point is using IP's is subject to consequences, so be aware and carefully setup any filters. That's all.

-jim