Page 1 of 1

Country blocking via IP address

Posted: Thu Apr 28, 2011 3:43 pm
by gerry.odea
I want to block some countries from accessing my scripts. If I want to currently block an IP block like 111.111.0.0 to 111.111.255.255 I currently use...

<if $REMOTE_ADDR like "(111.111.)"><else></if>

but as you can imagine this can get very large and it could block an IP like 123.111.111.123 I am using Commercial Version 2.6.929642470. Is there any way to do this or a better way of doing it? Please let me know.

Thank you.

Country blocking via IP address

Posted: Thu Apr 28, 2011 4:48 pm
by John
Current version of Texis have various IP functions: http://www.thunderstone.com/site/texism ... tions.html

Absent that the best plan is probably to convert the IP address to a 32-bit number, and do a range lookup in a table of blocked ranges.

If the number of ranges was small, and a prefix was OK you could use rex, e.g.

<$blockips=">>111\.111\.=" >
<rex $blockips $REMOTE_ADDR><if $ret neq ''>
BLOCKED
<else>
Not Blocked
</if>

Country blocking via IP address

Posted: Thu Apr 28, 2011 4:52 pm
by mark
Newer versions have some nice IP handling functions.
For your 12 year old version you can use matches or rex to do prefix matching.
<$rejectexpr=">>=111\.111\." ">>=222\.222\.">
<rex $rejectexpr $REMOTE_ADDR>
<if $ret ne ''> go away <exit></if>

Country blocking via IP address

Posted: Thu Apr 28, 2011 5:08 pm
by gerry.odea
Thanks John,

What about if I did something like this:

<$badIPS=">>=111\.111\.">
<rex $badIPS $REMOTE_ADDR>
<if $ret neq ''>
then do a rex on $REMOTE_ADDR to pull out the third octet 111.111.xxx
<if $ret gt 0 and $ret lt 255>
BLOCK <else> OK </if>

Would that work? How would I write the rex to get the value of the third octet?

Thanks

Country blocking via IP address

Posted: Thu Apr 28, 2011 5:15 pm
by John
If the expression was ">>=111\.111\.\P=\digit+" then $ret from the rex would be the third octet. (The \P indicates preceding)

Country blocking via IP address

Posted: Tue Sep 01, 2015 5:14 pm
by gerry.odea
Now that I have the most recent version, how would I do this differently? I read http://www.thunderstone.com/site/texism ... tions.html but I really don't understand what it means or how I would block certain ranges like I am doing from the example above that I have been using. Any help would be GREATLY appreciated. Thanks

Country blocking via IP address

Posted: Tue Sep 01, 2015 5:58 pm
by Kai
Yeah those docs need some examples. Given your example above, to block REMOTE_ADDR IPs in the range 111.111.0.0 through 111.111.255.255 inclusive, use:

<if inetcontains( "111.111" , $REMOTE_ADDR ) gt 0>
Blocked
<else>
Ok
</if>

When giving an inet expression, the number of bytes given determines the netmask, if no netmask (`/nnn') is given. Thus, `111.111' is equivalent to `111.111/16' (because 2 bytes of the IP were given); they both mean the range 111.111.0.0 through 111.111.255.255.

E.g. to check for 1.2.3.0 through 1.2.3.255, one could use `1.2.3', or `1.2.3/24' (equivalent).