Solved

Block based on IP address

Posted on 2011-09-08
16
665 Views
Last Modified: 2012-05-12
Is there an easy way to put a bunch of ip address ranges (for example one range would be 64.106.135.32/29) into a table then do a lookup based on the client ip address and redirect if we get a match?
0
Comment
Question by:RickEpnet
  • 5
  • 4
  • 3
  • +2
16 Comments
 
LVL 36

Expert Comment

by:SidFishes
ID: 36505352
you could simply look at the first 3 segments

<cfset addr = cgi.remote_addr>
<cfif find("64.106.135",addr)>
Redirect
</cfif>

otherwise you could just run a query against your table using addr as your filter

0
 
LVL 14

Author Comment

by:RickEpnet
ID: 36505493
But is Acually blocking more than I need to is it not?
0
 
LVL 36

Expert Comment

by:SidFishes
ID: 36505676
don't know. it -does- "block a bunch of ip's" :)

didn't notice your /29 in the q

Don't think there's anything you can do with a netmask using cf

all you could do is the query idea to block a single ip

<cfset addr = cgi.remote_addr>

<cfquery name="iplookupo"...>
select ip from tblIpAddys where ip = "addr"
</cfquery>
<cfif iplookup.recordcount neq 0>
redirect
</cfif>






0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 6

Expert Comment

by:billfusion
ID: 36505724
If you really need to use ranges, then
- create a table that has stored the binary format of the IP Addresses starting and ending addresses, and the destination for those addresses.
- Convert the brower's IP address to binary (Should create a UDF that returns the appropriate string or create a DB-based function that does the conversion),
- the run the SQL query with WHERE (BROWER_IP >= START_ADDRESS AND BROWER_IP >= END_ADDRESS)  and should return the redirect destination.

Let me know if you need help creating the functions, but here is a primer:

 
64.106.135.32 = 01000000.01101010.10000111.00100 000
29            = 11111111.11111111.11111111.11111 000 (29 ones)
Wildcard      = 00000000.00000000.00000000.00000 111 (ones left from mask above)

So:
Usable IPs = 6 IPs
Broadcast :  01000000.01101010.10000111.00100 111 or 64.106.135.39
First Usable:01000000.01101010.10000111.00100 001 or 64.106.135.33
Max Usable : 01000000.01101010.10000111.00100 110 or 64.106.135.38

Open in new window

0
 
LVL 14

Author Comment

by:RickEpnet
ID: 36505795
billfusion this looks like what I need. How would I convert to binary?
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36505801
I'm not sure it's the best way to do this, but .. what about converting the range into 2 numbers (start and end) and storing those in a table

        IPRange (string)    * store 64.106.135.32/29  if desired
        StartIP (unsigned int)
        EndIP (unsigned int)

Then a simple between would tell you if the current IP was within a blocked range.  Something like

WHERE   #IPConvert(cgi.remote_addr)# BETWEEN StartIP AND EndIP

ColdFusion function
http://www.cflib.org/index.cfm?event=page.udfbyid&udfid=946
MySQL functions
http://dev.mysql.com/doc/refman/5.0/en/miscellaneous-functions.html#function_inet-aton
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36505810
Never mind ;) Took too long and looks like billfusion beat me to it.
0
 
LVL 6

Expert Comment

by:billfusion
ID: 36506084
Sorry aqx, I'm in good company with a Genius (your rank) :-)

Thanks for the pointer to the functions.

@RickEpnet it would be more efficient to use unsigned int via aqx's function than to use the binary strings I described.  I believe comparing its is more efficient for the database than comparing strings.  The principal is still the same.
0
 
LVL 6

Accepted Solution

by:
billfusion earned 500 total points
ID: 36506122
@RickEpnet you can still use the binary representation of the IP address to figure out the ranges from the IPaddress/mask combos.  You can also use any of the web's IP Address calculators to get the actual ranges; I've used the one in the bottom of this page in the past: http://jodies.de/ipcalc
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36506268
>> Sorry aqx, I'm in good company

Thanks :)

>> The principal is still the same.

Yep, plus he still needs the method you showed to convert the range into a start/end value anyway. Either way it's all good stuff to have in the archives.
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 36510685
Check tis tutorial

http://tutorial563.easycfm.com/
0
 
LVL 16

Expert Comment

by:Gurpreet Singh Randhawa
ID: 36510692
oops! wrong window i think

:)
0
 
LVL 14

Author Comment

by:RickEpnet
ID: 36512660
I will try some of these things as soon as I hear from the customer.
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36557762
If you have time, post a summary of what you did to help others reviewing the thread in the future.
0
 
LVL 14

Author Comment

by:RickEpnet
ID: 36561152
Looks like I may not have gotten the job so I may never complete it.
0
 
LVL 52

Expert Comment

by:_agx_
ID: 36561426
Sorry to hear that.
0

Featured Post

Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi. There are several upload tutorials using jquery and coldfusion. I found a very interesting one here Upload Your Files using Jquery & ColdFusion and Preview them (http://www.randhawaworld.com/) . I did keep the main js functions but made sever…
Sometimes databases have MILLIONS of records and we need a way to quickly query that table to return the results me need. Sure you could use CFQUERY but it takes too long when there are millions of records. That is why SOLR was invented. Please …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now