Solved

Block based on IP address

Posted on 2011-09-08
16
670 Views
Last Modified: 2012-05-12
Is there an easy way to put a bunch of ip address ranges (for example one range would be 64.106.135.32/29) into a table then do a lookup based on the client ip address and redirect if we get a match?
0
Comment
Question by:RickEpnet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 3
  • +2
16 Comments
 
LVL 36

Expert Comment

by:SidFishes
ID: 36505352
you could simply look at the first 3 segments

<cfset addr = cgi.remote_addr>
<cfif find("64.106.135",addr)>
Redirect
</cfif>

otherwise you could just run a query against your table using addr as your filter

0
 
LVL 14

Author Comment

by:RickEpnet
ID: 36505493
But is Acually blocking more than I need to is it not?
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 36505676
don't know. it -does- "block a bunch of ip's" :)

didn't notice your /29 in the q

Don't think there's anything you can do with a netmask using cf

all you could do is the query idea to block a single ip

<cfset addr = cgi.remote_addr>

<cfquery name="iplookupo"...>
select ip from tblIpAddys where ip = "addr"
</cfquery>
<cfif iplookup.recordcount neq 0>
redirect
</cfif>






0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 6

Expert Comment

by:billfusion
ID: 36505724
If you really need to use ranges, then
- create a table that has stored the binary format of the IP Addresses starting and ending addresses, and the destination for those addresses.
- Convert the brower's IP address to binary (Should create a UDF that returns the appropriate string or create a DB-based function that does the conversion),
- the run the SQL query with WHERE (BROWER_IP >= START_ADDRESS AND BROWER_IP >= END_ADDRESS)  and should return the redirect destination.

Let me know if you need help creating the functions, but here is a primer:

 
64.106.135.32 = 01000000.01101010.10000111.00100 000
29            = 11111111.11111111.11111111.11111 000 (29 ones)
Wildcard      = 00000000.00000000.00000000.00000 111 (ones left from mask above)

So:
Usable IPs = 6 IPs
Broadcast :  01000000.01101010.10000111.00100 111 or 64.106.135.39
First Usable:01000000.01101010.10000111.00100 001 or 64.106.135.33
Max Usable : 01000000.01101010.10000111.00100 110 or 64.106.135.38

Open in new window

0
 
LVL 14

Author Comment

by:RickEpnet
ID: 36505795
billfusion this looks like what I need. How would I convert to binary?
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36505801
I'm not sure it's the best way to do this, but .. what about converting the range into 2 numbers (start and end) and storing those in a table

        IPRange (string)    * store 64.106.135.32/29  if desired
        StartIP (unsigned int)
        EndIP (unsigned int)

Then a simple between would tell you if the current IP was within a blocked range.  Something like

WHERE   #IPConvert(cgi.remote_addr)# BETWEEN StartIP AND EndIP

ColdFusion function
http://www.cflib.org/index.cfm?event=page.udfbyid&udfid=946
MySQL functions
http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_inet-aton
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36505810
Never mind ;) Took too long and looks like billfusion beat me to it.
0
 
LVL 6

Expert Comment

by:billfusion
ID: 36506084
Sorry aqx, I'm in good company with a Genius (your rank) :-)

Thanks for the pointer to the functions.

@RickEpnet it would be more efficient to use unsigned int via aqx's function than to use the binary strings I described.  I believe comparing its is more efficient for the database than comparing strings.  The principal is still the same.
0
 
LVL 6

Accepted Solution

by:
billfusion earned 500 total points
ID: 36506122
@RickEpnet you can still use the binary representation of the IP address to figure out the ranges from the IPaddress/mask combos.  You can also use any of the web's IP Address calculators to get the actual ranges; I've used the one in the bottom of this page in the past: http://jodies.de/ipcalc
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36506268
>> Sorry aqx, I'm in good company

Thanks :)

>> The principal is still the same.

Yep, plus he still needs the method you showed to convert the range into a start/end value anyway. Either way it's all good stuff to have in the archives.
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 36510685
Check tis tutorial

http://tutorial563.easycfm.com/
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 36510692
oops! wrong window i think

:)
0
 
LVL 14

Author Comment

by:RickEpnet
ID: 36512660
I will try some of these things as soon as I hear from the customer.
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36557762
If you have time, post a summary of what you did to help others reviewing the thread in the future.
0
 
LVL 14

Author Comment

by:RickEpnet
ID: 36561152
Looks like I may not have gotten the job so I may never complete it.
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36561426
Sorry to hear that.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating and Managing Databases with phpMyAdmin in cPanel.
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question