Solved

Block based on IP address

Posted on 2011-09-08
Last Modified: 2012-05-12
Is there an easy way to put a bunch of ip address ranges (for example one range would be 64.106.135.32/29) into a table then do a lookup based on the client ip address and redirect if we get a match?
Question by:RickEpnet
16 Comments
 
LVL 36

Expert Comment

by:SidFishes
ID: 36505352
you could simply look at the first 3 segments

<cfset addr = cgi.remote_addr>
<cfif find("64.106.135",addr)>
Redirect
</cfif>

otherwise you could just run a query against your table using addr as your filter

0
 
LVL 14

Author Comment

by:RickEpnet
ID: 36505493
But it is actually blocking more than I need to, is it not?
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 36505676
don't know. it -does- "block a bunch of ip's" :)

didn't notice your /29 in the q

Don't think there's anything you can do with a netmask using cf

all you could do is the query idea to block a single ip

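<cfset addr = cgi.remote_addr>

<!--- look up the client address; cfqueryparam binds the value instead of comparing against the literal text "addr" --->
<cfquery name="iplookup"...>
select ip from tblIpAddys where ip = <cfqueryparam value="#addr#" cfsqltype="cf_sql_varchar">
</cfquery>
<cfif iplookup.recordcount neq 0>
redirect
</cfif>
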
0
 
LVL 6

Expert Comment

by:billfusion
ID: 36505724
If you really need to use ranges, then
- create a table that has stored the binary format of the IP Addresses starting and ending addresses, and the destination for those addresses.
- Convert the browser's IP address to binary (Should create a UDF that returns the appropriate string or create a DB-based function that does the conversion),
- then run the SQL query with WHERE (BROWSER_IP >= START_ADDRESS AND BROWSER_IP <= END_ADDRESS)  and should return the redirect destination.

Let me know if you need help creating the functions, but here is a primer:

 
64.106.135.32 = 01000000.01101010.10000111.00100 000
29            = 11111111.11111111.11111111.11111 000 (29 ones)
Wildcard      = 00000000.00000000.00000000.00000 111 (ones left from mask above)

So:
Usable IPs = 6 IPs
Broadcast :  01000000.01101010.10000111.00100 111 or 64.106.135.39
First Usable:01000000.01101010.10000111.00100 001 or 64.106.135.33
Max Usable : 01000000.01101010.10000111.00100 110 or 64.106.135.38

0
 
LVL 14

Author Comment

by:RickEpnet
ID: 36505795
billfusion this looks like what I need. How would I convert to binary?
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36505801
I'm not sure it's the best way to do this, but .. what about converting the range into 2 numbers (start and end) and storing those in a table

        IPRange (string)    * store 64.106.135.32/29  if desired
        StartIP (unsigned int)
        EndIP (unsigned int)

Then a simple between would tell you if the current IP was within a blocked range.  Something like

WHERE   #IPConvert(cgi.remote_addr)# BETWEEN StartIP AND EndIP

ColdFusion function
http://www.cflib.org/index.cfm?event=page.udfbyid&udfid=946
MySQL functions
http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_inet-aton
0
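
The start/end table approach from the posts above, as an added example that is not code posted by any participant in this thread. Python's `ipaddress` module and an in-memory SQLite database stand in for the ColdFusion UDF and the production database; the table name `blocked`, the function names and the second sample range are assumptions made for illustration.

```python
import ipaddress
import sqlite3

# Constructed sample data: the /29 from the question plus a documentation range.
BLOCKED_RANGES = ["64.106.135.32/29", "203.0.113.0/24"]


def cidr_to_bounds(cidr):
    """Return (start, end) as unsigned 32-bit ints for an IPv4 CIDR range."""
    # strict=True rejects input with host bits set (e.g. 64.106.135.33/29),
    # which usually means the range was mistyped.
    net = ipaddress.IPv4Network(cidr, strict=True)
    # Store network..broadcast, not first..last usable host: the filter must
    # match every address in the block.
    return int(net.network_address), int(net.broadcast_address)


def open_blocklist(cidrs=BLOCKED_RANGES):
    """Build the IPRange/StartIP/EndIP table in an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    # SQLite INTEGER is 64-bit; in MySQL these columns would be INT UNSIGNED.
    conn.execute(
        "CREATE TABLE blocked (IPRange TEXT, StartIP INTEGER, EndIP INTEGER)")
    conn.executemany(
        "INSERT INTO blocked VALUES (?, ?, ?)",
        [(c, *cidr_to_bounds(c)) for c in cidrs])
    conn.execute("CREATE INDEX idx_blocked ON blocked (StartIP, EndIP)")
    return conn


def matching_range(conn, client_ip):
    """Return the blocked IPRange containing client_ip, or None if no match."""
    # Raises ValueError for anything that is not a dotted IPv4 address
    # (IPv6 clients included), so the caller decides how to treat those.
    addr = int(ipaddress.IPv4Address(client_ip))
    row = conn.execute(
        "SELECT IPRange FROM blocked WHERE ? BETWEEN StartIP AND EndIP LIMIT 1",
        (addr,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = open_blocklist()
    for ip in ("64.106.135.33", "64.106.135.39", "64.106.135.40", "164.106.135.33"):
        print(ip, "->", matching_range(db, ip) or "allowed")
```

The last two addresses both contain the text "64.106.135", so a substring test on the first three segments would match them; the numeric range lookup does not.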
 
LVL 52

Expert Comment

by:_agx_
ID: 36505810
Never mind ;) Took too long and looks like billfusion beat me to it.
0
 
LVL 6

Expert Comment

by:billfusion
ID: 36506084
Sorry aqx, I'm in good company with a Genius (your rank) :-)

Thanks for the pointer to the functions.

@RickEpnet it would be more efficient to use unsigned int via aqx's function than to use the binary strings I described.  I believe comparing ints is more efficient for the database than comparing strings.  The principle is still the same.
0
 
LVL 6

Accepted Solution

by:
billfusion earned 500 total points
ID: 36506122
@RickEpnet you can still use the binary representation of the IP address to figure out the ranges from the IPaddress/mask combos.  You can also use any of the web's IP Address calculators to get the actual ranges; I've used the one in the bottom of this page in the past: http://jodies.de/ipcalc
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36506268
>> Sorry aqx, I'm in good company

Thanks :)

>> The principle is still the same.

Yep, plus he still needs the method you showed to convert the range into a start/end value anyway. Either way it's all good stuff to have in the archives.
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 36510685
Check this tutorial

http://tutorial563.easycfm.com/
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 36510692
oops! wrong window i think

:)
0
 
LVL 14

Author Comment

by:RickEpnet
ID: 36512660
I will try some of these things as soon as I hear from the customer.
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36557762
If you have time, post a summary of what you did to help others reviewing the thread in the future.
0
 
LVL 14

Author Comment

by:RickEpnet
ID: 36561152
Looks like I may not have gotten the job so I may never complete it.
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36561426
Sorry to hear that.
0
