Block an IP in Coldfusion

Gregory Ambrose
Gregory Ambrose used Ask the Experts™
How do I block a specific IP address from accessing a website.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
erikTsomikSystem Architect, CF programmer

try these steps
Log into the .htaccess Editor, and then click Block IP Addresses.
Select the directory from which you want to block access. ...
To add a new IP address or range, enter it in the designated field.
Click Save to save your settings. ...
To delete an IP entry, click the delete icon in the Blocked IP Addresses/Ranges table.
The coldfusion way...

<cfif cgi.REMOTE_ADDR is "">
      Go Away!
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

erikTsomikSystem Architect, CF programmer

I would not rely on CGI variable because they can  easily be  manipulated. But as general rule I would  use the suggestion


Thanks for the Coldfusion solution; I could get the .htaccess solution to work.
@Gregory Ambrose - You have several options depending on the environment you are working in. For example,
Is the site hosted on a Windows or LINUX based server?
Is the site on a local intranet or public facing Internet?
Is the server managed in-house or by hosting provider?

Yes, you can leverage CF to block specific IPs or range of IPs. However, you have to maintain the list if the IP changes.



The site faces the public on a windows server provided by a hosting company.
@Gregory Ambrose - If you suspect malicious user(s) via Internet traffic, then your best defense might be to have your hosting provider block the suspect IP range. Sometimes the control panel tools for management of your site allow you to perform this task yourself.

In addition to @gdemaria solution, you could add an application enhancement that captures the client IP in a table after certain conditions are met. Then use some sort of UDF, OnRequest, code to automatically restrict site access if the IP address was logged...

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial