only allow certain ips to access my "family site"?

**sxm65** · 07-21-2011 02:44 PM

Hello , for some days i have been struggeling with making only certain ips accessing my family site since i only want my family to be enable to access the site. ill need some help by your guys. This is how far i have gotten and if ip is not in database it will redirect to www.google.se :

PHP Code:


$ip =$_SERVER['REMOTE_ADDR'];

$result = mysql_query('SELECT * FROM `ips` WHERE `ip`="' . $ip . '"');



if(mysql_affected_rows($link) < 0){

header('location:http://google.se');

}

EDIT : here is the site i currently tired the script on : http://nattlir.co.cc/

**descalzo** · 07-21-2011 03:07 PM

mysql_affected_rows only works for actions that change the database. SELECT is not one of them. You want to test mysql_num_rows($result) and see if it is == 0. (you should first test $result to make sure it is not FALSE, ie to make sure you did not get an error).

**sxm65** · 07-21-2011 03:18 PM

Okey so i changed if(mysql_affected_rows($link) < 0){ to if mysql_num_rows($result) ==0); and didnt get a error. so whats next step?

**misson** · 07-21-2011 06:13 PM

Note that preventing admins from accessing your site may break the TOS, as they need to be able to check the site for other violations.

The X10 server's load balancing set-up may interfere with your IP check, as the IP your code checks may be that of the load-balancing proxy. You may need to get the IP address from the X-Forwarded-For or X-Real-Ip headers (via the HTTP_X_FORWARDED_FOR or HTTP_X_REAL_IP entries of $_SERVER), though be careful as these can be spoofed.

Apache has the capability of restricting access by host built-in, though a database might be easier to update programmatically for when the IP addresses change and getting host-based authentication to work through the proxy may be difficult to impossible. You can use rewrites to achieve the same affect (see links below for more).

If you use usernames & passwords for authentication, you won't need to worry about addresses changing. You can configure Apache for authentication and authorization using one of the HTTP authentication mechanisms.

If you're going to use your current method of host-based authentication, use ip2long to convert the string to an integer before passing it to the data access layer, which will take up less space and speed up access & insertion.

Lastly, you shouldn't be using the soon-to-be-deprecated mysql extension. You should be using PDO. It's safer, easier and more performant.

See also:

**cybrax** · 07-21-2011 07:34 PM

This is something better done using username and password protection than IP as most peoples IP address changes each time the home broadband router re-boots, same applies to dial-up connections and 3G wireless Internet dongles. Useful as an additional layer of security as each IP address is part of a block of numbers assigned to a particular country then subdivided further amongst the local ISP's but not as a primary defence.

NB: whilst Google may not be able to index your site there are others out there scanning the Internet for hidden sites such as yours. It's surprising what turns up on peoples home web servers.

**sxm65** · 07-22-2011 03:28 AM

Ill not prevent admins from getting in they can as always access the file from my file manager? Also ill like help with continue the ip allow code.

---------- Post added at 08:28 AM ---------- Previous post was at 07:44 AM ----------

Got an idea of what i can use that wont change the computer mac address so the code will need change of the table and the names inside. How will i go about that , so when the user try to access my site it does a check if the mac adress of the computer is in database else redirect to google.com.

**misson** · 07-22-2011 05:17 AM

You can't get the MAC address. It's link-level only.

Not everyone who polices sites has file access. For those that do (it won't be through "your" file manager), it's still more difficult to wade through the source than to view the website in a browser. I don't see anything in the TOS that disallow preventing admins from accessing the sit, but I do recall sites being suspended in the past, though it's been awhile. Just be aware that your site might get suspended.