I want to block some countries from accessing my scripts. If I want to currently block an IP block like 111.111.0.0 to 111.111.255.255 I currently use...
<if $REMOTE_ADDR like "(111.111.)"><else></if>
but as you can imagine this can get very large and it could block an IP like 123.111.111.123 I am using Commercial Version 2.6.929642470. Is there any way to do this or a better way of doing it? Please let me know.
Newer versions have some nice IP handling functions.
For your 12 year old version you can use matches or rex to do prefix matching.
<$rejectexpr=">>=111\.111\." ">>=222\.222\.">
<rex $rejectexpr $REMOTE_ADDR>
<if $ret ne ''> go away <exit></if>
<$badIPS=">>=111\.111\.">
<rex $badIPS $REMOTE_ADDR>
<if $ret neq ''>
then do a rex on $REMOTE_ADDR to pull out the third octet 111.111.xxx
<if $ret gt 0 and $ret lt 255>
BLOCK <else> OK </if>
Would that work? How would I write the rex to get the value of the third octet?
Now that I have the most recent version, how would I do this differently? I read http://www.thunderstone.com/site/texism ... tions.html but I really don't understand what it means or how I would block certain ranges like I am doing from the example above that I have been using. Any help would be GREATLY appreciated. Thanks
Yeah those docs need some examples. Given your example above, to block REMOTE_ADDR IPs in the range 111.111.0.0 through 111.111.255.255 inclusive, use:
When giving an inet expression, the number of bytes given determines the netmask, if no netmask (`/nnn') is given. Thus, `111.111' is equivalent to `111.111/16' (because 2 bytes of the IP were given); they both mean the range 111.111.0.0 through 111.111.255.255.
E.g. to check for 1.2.3.0 through 1.2.3.255, one could use `1.2.3', or `1.2.3/24' (equivalent).