There are many reasons you may need to block an IP address from visiting your website. For example, to prevent particular users doing malicious things with your website - trying to spam your web forms, or hack your shopping cart, etc. Using PHP, you can easily find your site visitors' website addresses and based on these addresses to redirect them to specific places on your site. If you use such IP ban protection on your website, you will also need to not only list individual addresses to be blocked but also IP masks and IP ranges.
Let's start! First, we will create an array to list all the IP addresses that we want to block. Besides single IP addresses, we will also use IP ranges such as 216.58.197.101-216.58.197.200 and IP masks 100.88.*.*. Here is the array
<?php
$ip_block = array(
'111.65.248.132',
'216.58.197.119',
'192.168.1.100',
'192.168.1.105',
'100.88.*.*',
'122.25.100.*',
'216.58.197.101-216.58.197.200',
'98.255.255.100-98.255.255.150'
);
When a visitor comes to your website you will need to find their IP address and store it in a variable. You can find out the IP address using this piece of code:
if (isset($_SERVER['HTTP_CLIENT_IP']))
{
$client_ip = $_SERVER['HTTP_CLIENT_IP'];
} else if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$client_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else if(isset($_SERVER['HTTP_X_FORWARDED'])) {
$client_ip = $_SERVER['HTTP_X_FORWARDED'];
} else if(isset($_SERVER['HTTP_FORWARDED_FOR'])) {
$client_ip = $_SERVER['HTTP_FORWARDED_FOR'];
} else if(isset($_SERVER['HTTP_FORWARDED'])) {
$client_ip = $_SERVER['HTTP_FORWARDED'];
} else if(isset($_SERVER['REMOTE_ADDR'])) {
$client_ip = $_SERVER['REMOTE_ADDR'];
}
The code above will check every possible variable which may hold information about visitor's IP address. Once it is executed, you will have visitor IP address stored in $client_ip variable. Now we will have to create a loop and match visitor's IP address against each IP address that we have in our $ip_block array. In the code below there are 3 IF cases
1) if($client_ip == $ip) - if visitor's IP addresses exactly matches the IP address defined in $ip_block array. If this is the case we set a variable $blocked to true and exit from the loop.
2) if(strpos($ip, '*') !== false) - if the blocked IP address has * or in other words if we use a mask to define the IP addresses that we need to block. If for example, you define
100.100.100.*
this will block all visitors with IP addresses 100.100.100.1, 100.100.100.2, 100.100.100.3, 100.100.100...... 255. If we have to check visitors IP address against such mask we split the IP addresses by . and match each of the 4 parts of the IP address. If there is a match, then we consider the IP address to be blocked and exit the loop
3) if(strpos($ip, "-") !== false) - with the last IF case we check if the visitors IP address should be checked against IP range. In that case we convert the IP address to an integer using
ip2long() function and compare that interger with the start and end IP addresses from the range.
$blocked = false;
foreach($ip_block as $ip)
{
if($client_ip == $ip)
{
$blocked = true;
break;
}else if(strpos($ip, '*') !== false){
$digits = explode(".", $ip);
$client_ip_digits = explode(".", $client_ip);
if($digits[1] == '*' && $digits[0] == $client_ip_digits[0])
{
$blocked = true;
break;
}else if($digits[2] == '*' && $digits[0] == $client_ip_digits[0] && $digits[1] == $client_ip_digits[1]){
$blocked = true;
break;
}else if($digits[3] == '*' && $digits[0] == $client_ip_digits[0] && $digits[1] == $client_ip_digits[1] && $digits[2] == $client_ip_digits[2]){
$blocked = true;
break;
}
}else if(strpos($ip, "-") !== false){
list($start_ip, $end_ip) = explode("-", $ip);
$start_ip = preg_replace('/\s+/', '', $start_ip);
$end_ip = preg_replace('/\s+/', '', $end_ip);
$start_ip_long = ip2long($start_ip);
$end_ip_long = ip2long($end_ip);
if($client_ip_long >= $start_ip_long && $client_ip_long <= $end_ip_long)
{
$blocked = true;
break;
}
}
}
At the end we will have a variable $blocked which if set to true means that visitors IP address is found in our list with blocked IP addresses and we should block it.
if($blocked == true)
{
header('Location: blocked-page.html');
}
You can redirect the user to another page or just print some message.
The above code is useful if you want to redirect different website visitors to different pages on your website. Using third party service you can find out location country for an IP address and knowing visitor's country to redirect them to specific language version of your website.