[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 676
  • Last Modified:

Block based on IP address

Is there an easy way to put a bunch of ip address ranges (for example one range would be 64.106.135.32/29) into a table then do a lookup based on the client ip address and redirect if we get a match?
0
RickEpnet
Asked:
RickEpnet
  • 5
  • 4
  • 3
  • +2
1 Solution
 
SidFishesCommented:
you could simply look at the first 3 segments

<cfset addr = cgi.remote_addr>
<cfif find("64.106.135",addr)>
Redirect
</cfif>

otherwise you could just run a query against your table using addr as your filter

0
 
RickEpnetAuthor Commented:
But is Acually blocking more than I need to is it not?
0
 
SidFishesCommented:
don't know. it -does- "block a bunch of ip's" :)

didn't notice your /29 in the q

Don't think there's anything you can do with a netmask using cf

all you could do is the query idea to block a single ip

<cfset addr = cgi.remote_addr>

<cfquery name="iplookupo"...>
select ip from tblIpAddys where ip = "addr"
</cfquery>
<cfif iplookup.recordcount neq 0>
redirect
</cfif>






0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
billfusionCommented:
If you really need to use ranges, then
- create a table that has stored the binary format of the IP Addresses starting and ending addresses, and the destination for those addresses.
- Convert the brower's IP address to binary (Should create a UDF that returns the appropriate string or create a DB-based function that does the conversion),
- the run the SQL query with WHERE (BROWER_IP >= START_ADDRESS AND BROWER_IP >= END_ADDRESS)  and should return the redirect destination.

Let me know if you need help creating the functions, but here is a primer:

 
64.106.135.32 = 01000000.01101010.10000111.00100 000
29            = 11111111.11111111.11111111.11111 000 (29 ones)
Wildcard      = 00000000.00000000.00000000.00000 111 (ones left from mask above)

So:
Usable IPs = 6 IPs
Broadcast :  01000000.01101010.10000111.00100 111 or 64.106.135.39
First Usable:01000000.01101010.10000111.00100 001 or 64.106.135.33
Max Usable : 01000000.01101010.10000111.00100 110 or 64.106.135.38

Open in new window

0
 
RickEpnetAuthor Commented:
billfusion this looks like what I need. How would I convert to binary?
0
 
_agx_Commented:
I'm not sure it's the best way to do this, but .. what about converting the range into 2 numbers (start and end) and storing those in a table

        IPRange (string)    * store 64.106.135.32/29  if desired
        StartIP (unsigned int)
        EndIP (unsigned int)

Then a simple between would tell you if the current IP was within a blocked range.  Something like

WHERE   #IPConvert(cgi.remote_addr)# BETWEEN StartIP AND EndIP

ColdFusion function
http://www.cflib.org/index.cfm?event=page.udfbyid&udfid=946
MySQL functions
http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_inet-aton
0
 
_agx_Commented:
Never mind ;) Took too long and looks like billfusion beat me to it.
0
 
billfusionCommented:
Sorry aqx, I'm in good company with a Genius (your rank) :-)

Thanks for the pointer to the functions.

@RickEpnet it would be more efficient to use unsigned int via aqx's function than to use the binary strings I described.  I believe comparing its is more efficient for the database than comparing strings.  The principal is still the same.
0
 
billfusionCommented:
@RickEpnet you can still use the binary representation of the IP address to figure out the ranges from the IPaddress/mask combos.  You can also use any of the web's IP Address calculators to get the actual ranges; I've used the one in the bottom of this page in the past: http://jodies.de/ipcalc
0
 
_agx_Commented:
>> Sorry aqx, I'm in good company

Thanks :)

>> The principal is still the same.

Yep, plus he still needs the method you showed to convert the range into a start/end value anyway. Either way it's all good stuff to have in the archives.
0
 
Gurpreet Singh RandhawaWeb DeveloperCommented:
Check tis tutorial

http://tutorial563.easycfm.com/
0
 
Gurpreet Singh RandhawaWeb DeveloperCommented:
oops! wrong window i think

:)
0
 
RickEpnetAuthor Commented:
I will try some of these things as soon as I hear from the customer.
0
 
_agx_Commented:
If you have time, post a summary of what you did to help others reviewing the thread in the future.
0
 
RickEpnetAuthor Commented:
Looks like I may not have gotten the job so I may never complete it.
0
 
_agx_Commented:
Sorry to hear that.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 5
  • 4
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now