Of Stack

Prohibit IP from accessing the site by multiple methods to share of linux php nginx apache

  • 2020-05-12 06:28:14
  • OfStack

PHP prohibits access to an IP or IP segment

Without further ado, please look at the guest officer: 


<?  
// Ban a IP
$banned_ip = array (
"127.0.0.1",
//"119.6.20.66",
"192.168.1.4"
);
if ( in_array( getenv("REMOTE_ADDR"), $banned_ip ) )
{
die (" your IP No access! ");
}
// Ban a IP Period of 
$ban_range_low=ip2long("119.6.20.65");
$ban_range_up=ip2long("119.6.20.67");
$ip=ip2long($_SERVER["REMOTE_ADDR"]);
if ($ip>$ban_range_low && $ip<$ban_range_up)
{
echo " your IP In prohibited IP Section, no access! ";
exit();
}
?>


apache prohibits access using IP

Method 1: at the end of the httpd.conf file, add the following code 


NameVirtualHost 221.*.*.*
<VirtualHost 221.*.*.*>
ServerName 221.*.*.*
<Location />
Order Allow,Deny
      Deny from all
</Location>
</VirtualHost>    
<VirtualHost 221.*.*.*>
DocumentRoot "c:/web"
ServerName www.ofstack.com
</VirtualHost>

Note: the blue part is the implementation to deny any access request directly through the IP of 221.*.*.*. The red part allows access through the domain name www.ofstack.com, and the home directory points to c:/web. (let's say the root of your site is c:/web.)

Linux blocks access to IP 


# Block a single IP The command is 
iptables -I INPUT -s 123.45.6.7 -j DROP
# Seal the entire segment immediately from 123.0.0.1 to 123.255.255.254 The command 
iptables -I INPUT -s 123.0.0.0/8 -j DROP
# seal IP Section is from 123.45.0.1 to 123.45.255.254 The command 
iptables -I INPUT -s 124.45.0.0/16 -j DROP
# seal IP Section is from 123.45.6.1 to 123.45.6.254 The command is 
iptables -I INPUT -s 123.45.6.0/24 -j DROP
service iptables save


Save in /etc/sysconfig/iptables if there is no iptables file will be created automatically

Nginx prohibits access to IP

First create the following configuration file and place it under nginx's conf directory, blocksip.conf:

deny 4.4.4.4 // this is IP to be banned by nginx

So let's save 1.
Add: include blocksip.conf; include blocksip.conf; Then restart nginx and it will take effect. When the blocked ip opens the site, it will prompt:

403 Forbidden

blocksip.conf: there are many other formats that can be configured to allow only IP access or IP segment access:

deny IP;
allow IP;
# block all ips
deny all;
# allow all ips
allow all;

The section is written like this: 192.168.1.0/24.

Related articles: