Browse: Home / PHP Ban List Proxy Prevention Extension for Apache with .htaccess

PHP Ban List Proxy Prevention Extension for Apache with .htaccess

By Mark on 2010/09/02

Demonfire asked me to make a version that got the banned ip’s out of the apache .htaccess list. You need to have a .htaccess file for this to work properly. This extends apaches native blocking by adding an extra layer that will catch some people who attempt to bypass it via proxy ( not all proxies will be stopped by this )

<?php

/******************************************************************************
  Configuration
/******************************************************************************/

$admin_mail	= 'admin@localhost';	// admin's email address

/******************************************************************************
  Read Ban List from .htaccess ( so essentially, if they used a proxy and
  apache misses it, the script can do a second check )
/******************************************************************************/
$banned_ip  = array();
$ban_list   = file(PATH.'.htaccess');

foreach($ban_list as $line)
{
  if (stripos($line, "deny from") !== false)
  {
    $line   = trim($line);
    $parts  = explode(' ', $line);

    if ( stripos(trim($parts[2]), 'all') === false )
    {
      $banned_ip[]  .= trim($parts[2]);
    }
  }
}

/******************************************************************************
  get_ip()	- Attempts to retrieve the most accurate IP possible from user.
/******************************************************************************/

function get_ip()
{
  if(isset($_SERVER['X_FORWARDED_FOR']))
  {
    if(strpos($_SERVER['X_FORWARDED_FOR'], ',') === false)
    {
      return $_SERVER['X_FORWARDED_FOR'];
    }
    return trim(reset(explode(',', $_SERVER['X_FORWARDED_FOR'])));
  }
  return $_SERVER['REMOTE_ADDR'];
}

$ip = get_ip();

if ( !is_empty($banned_ip) && in_array($ip, $banned_ip) )
{
	header("HTTP/1.1 403 Forbidden");
	echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
	<head>
		<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
		<title>ERROR: 403 Forbidden - You have been banned!</title>
		<style type="text/css">
		</style>
	</head>
	<body>
		<h1>ERROR: 403 FORBIDDEN</h1>
		<p>
			It appears that your IP ( '.$ip.' ) has been banned from accessing
			this sites content. If you feel that this banning is in error, feel
			free to contact the sites administrator to have it removed.
		</p>
		<p>Admin Contact: <a href="MAILTO:'.$admin_mail.'">'.$admin_mail.'</a></p>
	</body>
</html>
';
	die();
}
mysql_close($con);

// clean up variables
unset($ip,$admin_mail,$banned_ip, $ban_list);

/* end of file */

Posted in | Leave a response

PHP IP Ban List ( No MySQL )

By Mark on 2010/09/01

Cassie requested an SQL free version, where she could just put IP’s into a file, so here it is…

<?php

/******************************************************************************
  Configuration
/******************************************************************************/

$admin_mail	= 'admin@localhost';	// admin's email address

/******************************************************************************
  Prep ban list
/******************************************************************************/
$banned_ip  = array();

/******************************************************************************
  Ban List
/******************************************************************************/
$banned_ip[]  .= '0.0.0.0'; // example ban 1 ( remove before using script )
$banned_ip[]  .= 'ff80::';  // example ban 2 ( remove before using script )

/******************************************************************************
  get_ip()	- Attempts to retrieve the most accurate IP possible from user.
/******************************************************************************/

function get_ip()
{
  if(isset($_SERVER['X_FORWARDED_FOR']))
  {
    if(strpos($_SERVER['X_FORWARDED_FOR'], ',') === false)
    {
      return $_SERVER['X_FORWARDED_FOR'];
    }
    return trim(reset(explode(',', $_SERVER['X_FORWARDED_FOR'])));
  }
  return $_SERVER['REMOTE_ADDR'];
}

$ip = get_ip();

if ( !is_empty($banned_ip) && in_array($ip, $banned_ip) )
{
	header("HTTP/1.1 403 Forbidden");
	echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
	<head>
		<meta http-equiv="Content-type" content="text/html; charset=utf-8" />
		<title>ERROR: 403 Forbidden - You have been banned!</title>
		<style type="text/css">
		</style>
	</head>
	<body>
		<h1>ERROR: 403 FORBIDDEN</h1>
		<p>
			It appears that your IP ( '.$ip.' ) has been banned from accessing
			this sites content. If you feel that this banning is in error, feel
			free to contact the sites administrator to have it removed.
		</p>
		<p>Admin Contact: <a href="MAILTO:'.$admin_mail.'">'.$admin_mail.'</a></p>
	</body>
</html>
';
	die();
}
mysql_close($con);

// clean up variables
unset($ip,$admin_mail,$banned_ip);

/* end of file */

Hopefully there are no typos.

Posted in | Leave a response

« Previous