IP Ban in PHP isn't working

I have used this code for an IP ban:
<?php
$deny = array("111.111.111", "222.222.222", "333.333.333");
if (in_array($_SERVER['REMOTE_ADDR'], $deny)) {
  header("location: https://example.com/");
  exit();
}
?>
It currently does not work when I put my IP in. What am I doing wrong?

Currently PHP doesn’t work with Glitch as far as I know. They hope to release it in the future.
There are some project templates you can try to get around this incompatibility.

It could also be whether you put your IP in the correct place.
You could try this bit of code in PHP:

<?php
$deny = array("111.111.111", "222.222.222", "333.333.333");
foreach ($deny as $denyip) {
  if (strpos($_SERVER['REMOTE_ADDR'], $denyip)===0) {
    header("location: http://www.google.com/");
    exit();
  } 
}
?>

You could try node-php

Yeah, that is another way.

I think that would be your best option, is your project entirely in PHP?

Wouldn’t that also be express-php?

Yep, if you want to use express then you would use express-php

So there happens to be a server.js file code directly for that.

Yep, just follow the instructions in the readme and add the line to server.js

I thought you could use PHP by adding this to glitch.json
{ "install": "echo 'We Are Ready!'", "start": "php -S 0.0.0.0:3000 -t ." }

1 Like

You need to retrieve the user’s IP from the X-Forwarded-For header.

3 Likes

Yes. The replies from @RiversideRocks and @charliea21 are correct.
I use PHP a lot on Glitch. I can explain this in detail.

To make PHP work with Glitch, just include it in glitch.json (I made it simpler):

{
  "start": "php -S 0.0.0.0:3000"
}

$_SERVER['REMOTE_ADDR'] does not get the expected value.
Instead you need to get it from $_SERVER['HTTP_X_FORWARDED_FOR']
This can be checked with phpinfo(). Please confirm your global IP address in advance.
I publish a minimal PHP project. The index.php is phpinfo():

When you look at $_SERVER['HTTP_X_FORWARDED_FOR'], you get the following value:

54.230.173.96,::ffff:10.10.10.246,::ffff:10.10.86.42

So you need to split it with , to get 54.230.173.96.

<?php
  $ip = explode(",", $_SERVER['HTTP_X_FORWARDED_FOR']);
  echo "{$ip[0]}\n";

This will output the IP address. You may know such a service. I also publish this project.

So the source of @m4sugar is

<?php
$ip = explode(",", $_SERVER['HTTP_X_FORWARDED_FOR']);
$deny = array("111.111.111", "222.222.222", "333.333.333");
if(in_array($ip[0],$deny))
{
  header("location: http://www.google.com/");
  exit;
}
?>

You can do what you expect. Try it!

1 Like

Thank you so much! That worked!

But what about if they’re ok to visit the site? What do I add?

What do you mean?


I think Glitch should implement an IP ban feature, because even if your project bans certain IPs, it still gets through the Glitch reverse-proxy and counts towards your request quota. :confused:

6 Likes

Maybe you should make a post on #feature-ideas?

Eddie

Using Cloudflare makes it really tricky to do IP bans. I would love if Glitch had a built in service for this.

That would be a neat idea, along with project comments which I have seen mentioned around the forum.

1 Like

Maybe I should implement IP bans on Glix?

7 Likes

Yep, just add stuff that Glitch won't/don't have time to add, lol

2 Likes

How do you plan on getting around Cloudflare? There is a way in PHP but I have no idea in Express or any other languages.

There are drivers, pretty sure you need Apache for them to work.

@m4sugar There’s a Node.js package as well

1 Like

Can you explain the concept or method how it is done using PHP? Might be able to figure out a way for Express…

1 Like

This is what I do on my website:

if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];

$_SERVER['HTTP_CF_CONNECTING_IP'] is the IP.

Can you explain what that piece of code does? :sweat_smile:

It checks if the server variable $_SERVER['HTTP_CF_CONNECTING_IP'] is set; if it is, it sets the $_SERVER['REMOTE_ADDR'] variable to $_SERVER['HTTP_CF_CONNECTING_IP'].

That's what it looks like to me, correct me if I’m wrong.

2 Likes

I’ll most likely use something called iptables to block out specific IPs from my VPS, however that would be strictly prohibited to only run on port 80 and 443, and only deny access when the IP is banned on a specific pointer.

You can pretty much write it yourself. Apache or NGINX has the tools needed to implement IP bans, however, I doubt they can deny access on specific hosts, I don’t know.

If I’m going to implement this for Glix I’ll have to write a caddy plugin in Go :stuck_out_tongue:

This would be a rather deprecated choice. The connecting remote might be a reverse-proxy, which therefore will ban the proxy instead of the user. You should look out for trusted proxies and make sure to use the X-Forwarded-For header as the IP. However don’t trust the header until you’ve validated that the remote is trusted!

2 Likes
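The X-Forwarded-For handling discussed earlier in the thread, combined with the trusted-proxy check described in the post above, as an added example that is not code from any poster. The function names are hypothetical, the trusted range `10.0.0.0/8` is an assumption about the host's internal proxies, and all addresses are constructed samples.

```php
<?php
// Added example, not code from the thread. All addresses are constructed samples.

/** Packed address, IPv4-mapped IPv6 (::ffff:a.b.c.d) unwrapped; null if invalid. */
function ip_bin(string $ip): ?string {
    $bin = @inet_pton(trim($ip));
    if ($bin === false) return null;
    $mapped = str_repeat("\0", 10) . "\xff\xff";
    return (strlen($bin) === 16 && substr($bin, 0, 12) === $mapped) ? substr($bin, 12) : $bin;
}

/** True if $ip matches an entry of $list (single addresses or CIDR ranges). */
function ip_in_list(string $ip, array $list): bool {
    if (($addr = ip_bin($ip)) === null) return false;
    foreach ($list as $entry) {
        [$net, $bits] = array_pad(explode('/', $entry, 2), 2, null);
        $netBin = ip_bin($net);
        if ($netBin === null || strlen($netBin) !== strlen($addr)) continue;
        if ($bits !== null && !ctype_digit($bits)) continue;  // malformed prefix length
        $bits = $bits === null ? strlen($addr) * 8 : (int) $bits;
        if ($bits > strlen($addr) * 8) continue;
        $full = intdiv($bits, 8);
        $mask = (0xFF << (8 - $bits % 8)) & 0xFF;              // 0 on a byte boundary
        if (substr($addr, 0, $full) !== substr($netBin, 0, $full)) continue;
        if ($mask === 0 || (ord($addr[$full]) & $mask) === (ord($netBin[$full]) & $mask)) return true;
    }
    return false;
}

/** Address to ban on: REMOTE_ADDR, or the first untrusted X-Forwarded-For hop. */
function client_ip(string $remoteAddr, ?string $xff, array $trustedProxies): string {
    // Honour the header only when the direct peer is one of our own proxies.
    if ($xff === null || !ip_in_list($remoteAddr, $trustedProxies)) return $remoteAddr;
    // Each proxy appends the peer it saw, so walk the chain from the right.
    foreach (array_reverse(explode(',', $xff)) as $hop) {
        if (ip_bin($hop) === null) return $remoteAddr;         // malformed chain
        if (!ip_in_list($hop, $trustedProxies)) return trim($hop);
    }
    return $remoteAddr;
}

$trusted = ['10.0.0.0/8'];                      // assumption: the host's internal proxies
$deny    = ['203.0.113.7', '198.51.100.0/24'];  // constructed ban list
$cases   = [['::ffff:10.10.86.42', '203.0.113.7,::ffff:10.10.10.246'],        // banned client behind proxies
            ['::ffff:10.10.86.42', '192.0.2.9, 198.51.100.20, 10.10.10.246'], // client-supplied first entry
            ['198.51.100.20', '192.0.2.9']];                                  // direct peer sending the header
foreach ($cases as [$remote, $xff]) {
    $ip = client_ip($remote, $xff, $trusted);
    echo "$remote | $xff => $ip ", ip_in_list($ip, $deny) ? "banned" : "allowed", "\n";
}
```

In a request handler, the inputs would be `$_SERVER['REMOTE_ADDR']` and `$_SERVER['HTTP_X_FORWARDED_FOR'] ?? null`.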

Why not IP bans on the reverse proxy? Also, this as a feature for Glix would be nice

The reason I use this is because this is the method that Cloudflare says to do.

If I’m going to implement this I’ll write a plugin for Caddy :wink:

P.S. Caddy is the reverse proxy I’m using :slight_smile:

3 Likes

Not Nginx? Nginx has more documentation online.

1 Like

Caddy is also very well documented and more fit for my use.

NGINX is an extremely good web server, reverse proxy etc, but is rather an overkill for what I need.

Caddy also comes with a built-in admin API, which Glix makes use of. With NGINX you have to do a bunch of things to get all of the stuff Caddy does automatically.

Caddy in my opinion is just easier and better to use.

2 Likes

I love it when things have built in admin :slight_smile:

1 Like