stack stack - 1 year ago 33
PHP Question

How can I get user's IP and block it?

I'm trying to block some of my website's users. Well I need two things:

  • getting user's IP

  • blocking it

I've searched about them. And I understand I have to get user's IP like this:

$_SERVER['REMOTE_ADDR'] // or sometimes $_SERVER['HTTP_X_FORWARDED_FOR']

And I have to block it like this:

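// network address and netmask to block, converted to integers
$network = ip2long("");
$mask = ip2long("");
// bracket syntax: $_SERVER{'...'} is no longer valid as of PHP 8
$ip = ip2long($_SERVER['REMOTE_HOST']);
if (($network & $mask) == ($ip & $mask)) {
    die(); // stop the request when the address is inside the blocked network
}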

As you see, for blocking an IP, it uses REMOTE_HOST. Well, what's the difference between REMOTE_ADDR and REMOTE_HOST? And which one contains the IP?


REMOTE_HOST usually contains the result of a reverse DNS lookup, which can also be done in PHP using gethostbyaddr in case your server does not fill this environment variable. It gets derived from the $_SERVER['REMOTE_ADDR'] value, which represents the (IP) address, as its name suggests.

Banning IP addresses on a shared host is not optimal and I will come to that later. Assuming you are using a shared host, I would not let the script die like you did. Instead I would just return an HTTP header in order to (at least) save some bandwidth on that IP, like:

if ($_SERVER['REMOTE_ADDR'] == "") {
    header("HTTP/1.1 403 Forbidden");
    exit;
}

and returns something like this to your visitor (using chromium):


A cleaner and more professional approach to block IP addresses is not possible on many shared hosts, but should be mentioned here anyways, because it saves bandwidth, memory and CPU cycles and can be described as dynamic creation of firewall rules. There are tools like fail2ban helping to overcome compatibility issues between different firewalls, keeping your PHP application portable between root servers. Fail2ban can scan all kinds of log files, even custom ones. Your PHP application could just write to a log file and fail2ban would disallow any connection attempt from that IP address to your server. Sounds cool? Root servers ain't expensive nowadays if you would like to try it.
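The pieces discussed above combined into one check, as an added example that is not code from the question or the answer: it reads REMOTE_ADDR, matches it against blocked networks with the network/mask comparison from the question, answers 403, and writes a log line that a fail2ban filter (not shown) could match. The networks are constructed documentation ranges, the log path and the function names are hypothetical, and 64-bit PHP 7.1 or later is assumed.

```php
<?php
// Constructed sample blocklist (RFC 5737 documentation ranges).
const BLOCKED_NETWORKS = ['192.0.2.0/24', '198.51.100.17/32'];
// Hypothetical log file that a fail2ban jail would watch.
const BLOCK_LOG = '/var/log/myapp/blocked.log';

/** True when IPv4 address $ip lies inside $cidr ("a.b.c.d/n"). */
function ipv4_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, '32');
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    // Reject "/abc" or "/33" instead of letting a cast turn them into /0.
    $bits = filter_var($bits, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 0, 'max_range' => 32]]);
    if ($ipLong === false || $netLong === false || $bits === false) {
        return false; // malformed input never matches
    }
    // Build the netmask from the prefix length (relies on 64-bit integers).
    $mask = (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return ($ipLong & $mask) === ($netLong & $mask);
}

function is_blocked(string $ip, array $networks = BLOCKED_NETWORKS): bool
{
    // ip2long() returns false for IPv6, so IPv6 peers are never matched here.
    foreach ($networks as $cidr) {
        if (ipv4_in_cidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

if (PHP_SAPI !== 'cli') {
    // REMOTE_ADDR is the address of the TCP peer, always numeric.
    // REMOTE_HOST is a hostname (ip2long() fails on it) and
    // HTTP_X_FORWARDED_FOR is a client-supplied header, so neither
    // is used for the blocking decision.
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    if (is_blocked($ip)) {
        // One line per rejected request; type 3 appends to the given file.
        error_log(sprintf("[%s] blocked-ip %s\n", date('c'), $ip), 3, BLOCK_LOG);
        http_response_code(403);
        exit;
    }
}
```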