Country blocking via IP address

Post Reply
gerry.odea
Posts: 98
Joined: Fri Sep 19, 2008 9:33 am

Country blocking via IP address

Post by gerry.odea »

I want to block some countries from accessing my scripts. If I want to currently block an IP block like 111.111.0.0 to 111.111.255.255 I currently use...

<if $REMOTE_ADDR like "(111.111.)"><else></if>

but as you can imagine this can get very large and it could block an IP like 123.111.111.123 I am using Commercial Version 2.6.929642470. Is there any way to do this or a better way of doing it? Please let me know.

Thank you.
User avatar
John
Site Admin
Posts: 2597
Joined: Mon Apr 24, 2000 3:18 pm
Location: Cleveland, OH
Contact:

Country blocking via IP address

Post by John »

Current version of Texis have various IP functions: http://www.thunderstone.com/site/texism ... tions.html

Absent that the best plan is probably to convert the IP address to a 32-bit number, and do a range lookup in a table of blocked ranges.

If the number of ranges was small, and a prefix was OK you could use rex, e.g.

<$blockips=">>111\.111\.=" >
<rex $blockips $REMOTE_ADDR><if $ret neq ''>
BLOCKED
<else>
Not Blocked
</if>
John Turnbull
Thunderstone Software
User avatar
mark
Site Admin
Posts: 5513
Joined: Tue Apr 25, 2000 6:56 pm

Country blocking via IP address

Post by mark »

Newer versions have some nice IP handling functions.
For your 12 year old version you can use matches or rex to do prefix matching.
<$rejectexpr=">>=111\.111\." ">>=222\.222\.">
<rex $rejectexpr $REMOTE_ADDR>
<if $ret ne ''> go away <exit></if>
gerry.odea
Posts: 98
Joined: Fri Sep 19, 2008 9:33 am

Country blocking via IP address

Post by gerry.odea »

Thanks John,

What about if I did something like this:

<$badIPS=">>=111\.111\.">
<rex $badIPS $REMOTE_ADDR>
<if $ret neq ''>
then do a rex on $REMOTE_ADDR to pull out the third octet 111.111.xxx
<if $ret gt 0 and $ret lt 255>
BLOCK <else> OK </if>

Would that work? How would I write the rex to get the value of the third octet?

Thanks
User avatar
John
Site Admin
Posts: 2597
Joined: Mon Apr 24, 2000 3:18 pm
Location: Cleveland, OH
Contact:

Country blocking via IP address

Post by John »

If the expression was ">>=111\.111\.\P=\digit+" then $ret from the rex would be the third octet. (The \P indicates preceding)
John Turnbull
Thunderstone Software
gerry.odea
Posts: 98
Joined: Fri Sep 19, 2008 9:33 am

Country blocking via IP address

Post by gerry.odea »

Now that I have the most recent version, how would I do this differently? I read http://www.thunderstone.com/site/texism ... tions.html but I really don't understand what it means or how I would block certain ranges like I am doing from the example above that I have been using. Any help would be GREATLY appreciated. Thanks
User avatar
Kai
Site Admin
Posts: 1271
Joined: Tue Apr 25, 2000 1:27 pm

Country blocking via IP address

Post by Kai »

Yeah those docs need some examples. Given your example above, to block REMOTE_ADDR IPs in the range 111.111.0.0 through 111.111.255.255 inclusive, use:

<if inetcontains( "111.111" , $REMOTE_ADDR ) gt 0>
Blocked
<else>
Ok
</if>

When giving an inet expression, the number of bytes given determines the netmask, if no netmask (`/nnn') is given. Thus, `111.111' is equivalent to `111.111/16' (because 2 bytes of the IP were given); they both mean the range 111.111.0.0 through 111.111.255.255.

E.g. to check for 1.2.3.0 through 1.2.3.255, one could use `1.2.3', or `1.2.3/24' (equivalent).
Post Reply