Solved

Block based on IP address

Posted on 2011-09-08
16
661 Views
Last Modified: 2012-05-12
Is there an easy way to put a bunch of ip address ranges (for example one range would be 64.106.135.32/29) into a table then do a lookup based on the client ip address and redirect if we get a match?
0
Comment
Question by:RickEpnet
  • 5
  • 4
  • 3
  • +2
16 Comments
 
LVL 36

Expert Comment

by:SidFishes
ID: 36505352
you could simply look at the first 3 segments

<cfset addr = cgi.remote_addr>
<cfif find("64.106.135",addr)>
Redirect
</cfif>

otherwise you could just run a query against your table using addr as your filter

0
 
LVL 14

Author Comment

by:RickEpnet
ID: 36505493
But is Acually blocking more than I need to is it not?
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 36505676
don't know. it -does- "block a bunch of ip's" :)

didn't notice your /29 in the q

Don't think there's anything you can do with a netmask using cf

all you could do is the query idea to block a single ip

<cfset addr = cgi.remote_addr>

<cfquery name="iplookupo"...>
select ip from tblIpAddys where ip = "addr"
</cfquery>
<cfif iplookup.recordcount neq 0>
redirect
</cfif>






0
 
LVL 6

Expert Comment

by:billfusion
ID: 36505724
If you really need to use ranges, then
- create a table that has stored the binary format of the IP Addresses starting and ending addresses, and the destination for those addresses.
- Convert the brower's IP address to binary (Should create a UDF that returns the appropriate string or create a DB-based function that does the conversion),
- the run the SQL query with WHERE (BROWER_IP >= START_ADDRESS AND BROWER_IP >= END_ADDRESS)  and should return the redirect destination.

Let me know if you need help creating the functions, but here is a primer:

 
64.106.135.32 = 01000000.01101010.10000111.00100 000
29            = 11111111.11111111.11111111.11111 000 (29 ones)
Wildcard      = 00000000.00000000.00000000.00000 111 (ones left from mask above)

So:
Usable IPs = 6 IPs
Broadcast :  01000000.01101010.10000111.00100 111 or 64.106.135.39
First Usable:01000000.01101010.10000111.00100 001 or 64.106.135.33
Max Usable : 01000000.01101010.10000111.00100 110 or 64.106.135.38

Open in new window

0
 
LVL 14

Author Comment

by:RickEpnet
ID: 36505795
billfusion this looks like what I need. How would I convert to binary?
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36505801
I'm not sure it's the best way to do this, but .. what about converting the range into 2 numbers (start and end) and storing those in a table

        IPRange (string)    * store 64.106.135.32/29  if desired
        StartIP (unsigned int)
        EndIP (unsigned int)

Then a simple between would tell you if the current IP was within a blocked range.  Something like

WHERE   #IPConvert(cgi.remote_addr)# BETWEEN StartIP AND EndIP

ColdFusion function
http://www.cflib.org/index.cfm?event=page.udfbyid&udfid=946
MySQL functions
http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_inet-aton
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36505810
Never mind ;) Took too long and looks like billfusion beat me to it.
0
 
LVL 6

Expert Comment

by:billfusion
ID: 36506084
Sorry aqx, I'm in good company with a Genius (your rank) :-)

Thanks for the pointer to the functions.

@RickEpnet it would be more efficient to use unsigned int via aqx's function than to use the binary strings I described.  I believe comparing its is more efficient for the database than comparing strings.  The principal is still the same.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 6

Accepted Solution

by:
billfusion earned 500 total points
ID: 36506122
@RickEpnet you can still use the binary representation of the IP address to figure out the ranges from the IPaddress/mask combos.  You can also use any of the web's IP Address calculators to get the actual ranges; I've used the one in the bottom of this page in the past: http://jodies.de/ipcalc
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36506268
>> Sorry aqx, I'm in good company

Thanks :)

>> The principal is still the same.

Yep, plus he still needs the method you showed to convert the range into a start/end value anyway. Either way it's all good stuff to have in the archives.
0
 
LVL 15

Expert Comment

by:Gurpreet Singh Randhawa
ID: 36510685
Check tis tutorial

http://tutorial563.easycfm.com/
0
 
LVL 15

Expert Comment

by:Gurpreet Singh Randhawa
ID: 36510692
oops! wrong window i think

:)
0
 
LVL 14

Author Comment

by:RickEpnet
ID: 36512660
I will try some of these things as soon as I hear from the customer.
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36557762
If you have time, post a summary of what you did to help others reviewing the thread in the future.
0
 
LVL 14

Author Comment

by:RickEpnet
ID: 36561152
Looks like I may not have gotten the job so I may never complete it.
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36561426
Sorry to hear that.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now