• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Ban ip range from viewing website

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Programming and More

View previous topic :: View next topic  
Author Message
DaMonster
Guest






PostPosted: Wed Sep 11, 2002 2:36 pm    Post subject: Ban ip range from viewing website Reply with quote

Hello,
i was wondering about...how can i ban an ip or ip range from viewing my website
if is there a way...let me know please...
Thanks
Back to top
chris
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777201
Location: ~/security-forums

Offline

PostPosted: Wed Sep 11, 2002 2:41 pm    Post subject: Reply with quote

Depends on the http server, is it IIS or apache?

In IIS, do properties on the virtual server then
directory security

On here is an Ip security tab

By default all users will be allowed except:

banned.users.ip.here

In linux you could add them to /etc/hosts.deny Smile
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger
chris
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777201
Location: ~/security-forums

Offline

PostPosted: Wed Sep 11, 2002 2:42 pm    Post subject: Reply with quote

just realised this was posted in a programming forum Smile

So you want to block an IP with code? what code?

Would be better to do it at server level though
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger
Wombat
Trusted SF Member
Trusted SF Member


Joined: 24 Apr 2002
Posts: 0
Location: Canberra

Offline

PostPosted: Thu Sep 12, 2002 12:48 am    Post subject: Reply with quote

I just found some info about this in Webmaster World:

http://www.webmasterworld.com/forum23/969.htm
Back to top
View user's profile Send private message
werem00se
Just Arrived
Just Arrived


Joined: 28 Aug 2002
Posts: 0
Location: U.S.A (west)

Offline

PostPosted: Thu Sep 12, 2002 1:31 am    Post subject: Reply with quote

Heck, do it at the firewall...If the firewall is *smart enough, you could do all sorts of goofy stuff with his connections. Redirect to loopback, your favorite pr0n page, a second *special page with lots of misinformation...blah blah...
Back to top
View user's profile Send private message
Jason
Forum Fanatic
Forum Fanatic


Joined: 19 Sep 2002
Posts: 16777215


Offline

PostPosted: Sat Oct 12, 2002 1:09 pm    Post subject: Reply with quote

If you are using coldfusion, you can add the following block of code to the top of the page. if the users ip address is the same as the blocked one, the page stops processing and returns a permissions notice.

Code:

<cfif CGI.REMOTE_ADDR eq "192.168.0.33">
<font face="arial" size="3" color="red">Access Denied</font>
<cfabort>
</cfif>


where 192.168.0.33 is the ip address you wish to block from seeing the page.

NOTE: this is not very secure, as the user of that ip address could bounce through a proxy to conceal his ip. a better way is below:

Code:

<cfif CGI.REMOTE_ADDR NEQ "192.168.0.33">
<font face="arial" size="3" color="red">Access Denied</font>
<cfabort>
</cfif>


ie, this time you deny access to the page from all but one ip address.

if you wish to only give access to a few hosts, it is possible to store their ip addresses in a database table, checking the IP address against those in the DB each time the page is accessed.

Code:

<cfquery name="checkip" datasource="mydsn">
select IPADDR from allowed where ipaddr = #cgi.remote_addr#
</cfquery>

<cfif checkip.recordcount neq 1>
<font face="arial" size="3" color="red">Access Denied</font>
<cfabort>
</cfif>


this code checks the remote computers ip address against a list of those allowed. if the remote ip is not in the list processing stops with the access denied message.

the theory for this is simple, therefor should be easy to apply to any other web language, php, asp etc.

basically you are accessing the CGI varible REMOTE_ADDR, and checking it against your db, or a hardcoded ip.

word of caution: do your self a massive favour, dont copy and paste the code into each page. instead, dump the code into a seperate file, and include in the the page currently being processed. the reason for this, if you wish to make one change, and you have the code pasted into loads of pages, you have to go through and change each page. calling it from another file means modifying the same code only once.

coldfusion users can use the cfinclude tag:

Code:

<cfinclude template="filename.cfm">



Hope this is of some help. i have done coldfusion development for a couple of years, so if you need any help give us a shout.


J
Back to top
View user's profile Send private message Send e-mail
Wombat
Trusted SF Member
Trusted SF Member


Joined: 24 Apr 2002
Posts: 0
Location: Canberra

Offline

PostPosted: Sun Oct 13, 2002 10:58 am    Post subject: Reply with quote

That's good advice jasonlambert, thanks.

If any of you haven't experienced the joys of server-side includes (SSI) yet (as jasonlambert mentioned with the cfinclude tag), I recommend you give them a go. They work with most (all?) server-side languages, only the syntax differs. Check with your host to see if they support SSI.

Basically, you can make a separate file that contains a chunk of code (e.g. HTML, ASP, JSP, anything you like). Then you can put a reference to this file in as many pages in your site as you like. The code in the file will be literally "included" in the code that gets sent from the server to the user's browser.

You should consider using SSI anywhere that you have code that is repeated across many pages in your site (e.g. for navigation). By using SSI, you only need to make changes to the one file, and your changes are then served up in all pages that use that file as an include. You'll save yourself a heap of time on site maintenance.

On a related note, you can do a similar thing with JavaScript. Use a JavaSript library file (that's just a text file with a .js extension) to hold any JavaScript that is repeated across many pages in your site. Then you "include" that file in your site's pages. Note that the "inclusion" happens client-side, not server-side. This method offers the same maintenance advantages of SSI (only one file to edit), plus the extra advantage that the code in the library file is only downloaded to the client machine once and is then held in the user's cache, so all subsequent pages using that code will load faster.
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Programming and More All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Looking for more Windows Networking info?

Sign up to the WindowsNetworking.com Monthly Newsletter, written by Enterprise Security MVP Deb Shinder, containing news, the hottest tips, Networking links of the month and much more. Subscribe today and don't miss a thing!
View a sample newsletter.

Become a WindowsNetworking.com member!

Discuss your Windows Networking issues with thousands of other Windows Newtorking experts. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred data recovery solution?

Follow TechGenix on Twitter