May 30, 2013 579 Views 1 Comment

PHP IP Blocking Script

SHARE THIS ARTICLE

EDIT:
If your looking for a blacklisting solution for WordPress please visit Securing WordPress Websites and Blogs – Blacklist by IP Address

Using GeoBytes and HostIP APIs to create a PHP IP addresses filtering system capable of blocking visitors by country. Both APIs are available free of cost but have some amount of restriction/limit governing free access. For this reason we will utilize both services in our script, one as primary and the other as a fall-back.

GEOBytes API

http://www.geobytes.com/IpLocator.htm

API Call Result

Sample Result Array can be seen here: http://www.geobytes.com/phpdemo.php


HOSTIP API

http://api.hostip.info

Access GeoBytes API with PHP

$tags = get_meta_tags('http://www.geobytes.com/IpLocator.htm?GetLocation&template=php3.txt&IpAddress='.$_SERVER['REMOTE_ADDR']);

For testing purposes you can replace $_SERVER['REMOTE_ADDR'] with your IP address.

Access HOSTIP API with PHP

$iptocheck = $_SERVER['REMOTE_ADDR']; # Get visitor's IP
$geoiparray = getInfoFromIP($iptocheck);

function getInfoFromIP($theip){
if(!$theip) return false; # Missing parameter

# Pull the XML
$url = 'http://api.hostip.info/?ip='.$theip;
$xml = simplexml_load_file($url);

$result['country'] = $xml->children('gml', true)->featureMember->children()->Hostip->countryName;
return $result;
}

PHP IP Blocking Script (Complete)

Redirect Users accessing the site from named country

<?php
$tags = get_meta_tags('http://www.geobytes.com/IpLocator.htm?GetLocation&template=php3.txt&IpAddress='.$_SERVER['REMOTE_ADDR']);

if($tags['country'] == "Jamaica"){
# Send visitor to JM Domain
header("Location: http://www.kodesmart.com.jm");
}
else if($tags['country'] == "United States"){
# Send visitor to .COM Domain
header("Location: http://www.kodesmart.com");
}

/* After 20 Attempts/Hour --FailSafe */
else if($tags['country'] == "Limit Exceeded"){
# Get visitor's IP
$iptocheck = $_SERVER['REMOTE_ADDR'];
$geoiparray = getInfoFromIP($iptocheck);

if($geoiparray['country'] == "JAMAICA"){
# Send visitor to JM Domain
header("Location: http://www.kodesmart.com");
}
else if($geoiparray['country'] == "UNITED STATES"){
# Send visitor to .COM Domain
header("Location: http://www.kodesmart.com");
}
}

function getInfoFromIP($theip){
# Missing parameter
if(!$theip) return false;

# Pull the XML
$url = 'http://api.hostip.info/?ip='.$theip;
$xml = simplexml_load_file($url);

$result['country'] = $xml->children('gml', true)->featureMember->children()->Hostip->countryName;
return $result;
}

/* exit(); */
$_SESSION['$executed'] = true;
echo "loaded";
?>

Note: The example script redirects users instead of blocking them, in order to block a visitor simply change the destination to a somewhere like google.com or a custom restriction page. Eg: header(“Location: http://www.kodesmart.com/restricted-access.php”).

  • Garish

    There is so much with coding that I do not even know. As a beginner, this can be very confusing, but I do understand what the end result should be. Thanks for posting!