SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Member
    Join Date
    May 2003
    Location
    UK
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Restricting to a set of IP address

    Hi

    This is for my admin side of the main web site. There are several number of admin users doing their admin activity in one central location and each one has their own tasks.
    All the admin users are provided with a login id and password . Here what i want to do is ,
    i need to allow them if they access this admin part of the web site only from this central office.

    That is if they try to access the site using their login id and password from their home or from any other location they should n't be allowed to enter.
    I heard that there is a chance that people can forge the IP address.
    If people know the IP address then they can set the same in their system and could access.Is that right?

    Could anyone suggest me the best way to do this?

    I need this help very urgently.

    Thanks

    svan

  2. #2
    SitePoint Enthusiast
    Join Date
    Jun 2003
    Location
    Ljubljana, Slovenia
    Posts
    83
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    i'd do it like this !

    make an array or table of IP addresses

    example:
    PHP Code:
    allowed_ip = new Array(
    "username1" =>"10.0.0.1",
    "username2" =>"10.0.0.2"

    and when login just check
    PHP Code:
    if(allowed_ip['username1'] == $_SERVER['REMOTE_ADDR']) echo "ourajti den";
    else echo 
    "damn .. I'm in denial !"
    hehe

    bye
    Armando

  3. #3
    SitePoint Member
    Join Date
    May 2003
    Location
    UK
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for your reply.
    My doubt is this.for example i am the user working in the central location and i know the system ip address which i am using.Suppose if i access the site from my home or from any location outside by changing the ip address of the system to the one which i was using in my central location. So according to the login page (where i
    am checking the incoming ip address) the $_SERVER['REMOTE_ADDR'] will match with one of the ip mentioned in the array.
    Am i right on this?
    If so how to avoid this.

    Thanks

    svan

  4. #4
    ********* Member website's Avatar
    Join Date
    Oct 2002
    Location
    Iceland
    Posts
    1,238
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No, you cannot change your IP, only your ISP (Internet Service Provider) can. Some people have 'static' IP's, that means that they always have the same IP, other people have 'dynamic' IP's, that means the ISP doesn't have enough IP's (usually) for all clients so it just hands you out some IP that is available when you connect.

    Still I have heard some stories that you can forge the $_SERVER['REMOTE_ADDR'], but that is something I think you should not have to worry about
    - website

  5. #5
    SitePoint Member
    Join Date
    May 2003
    Location
    UK
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    ok fine.
    Assume these are the two IP addresses allowed inside
    10.0.0.1
    10.0.0.2.
    So i can check in my program for the incoming IP using $_SERVER['REMOTE_ADDR'].
    Is it possible for me to assign a static IP address as 10.0.0.2 to the system in my house and then access the site.Will my page allow this request since this IP is allowed inside.
    Sorry if i understood this concept totally wrong.

    thanks

    svan

  6. #6
    ********* Member website's Avatar
    Join Date
    Oct 2002
    Location
    Iceland
    Posts
    1,238
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The short one: Not it is not possible for you to assign static IP address as 10.0.0.2 at your house and then access your site.

    The long one: Because it is your ISP but not you who assign you IP when you connect you cannot decide what IP you will have, your ISP can't even give you any IP they want because they only own some specific. By checking $_SERVER['REMOTE_ADDR'] and only allow certein IP addresses to enter you are pretty safe (your script needs to be well programmed ofcourse).

    I do repeat that this is not 99.9% secure because I do not have enough knowlege do say that but it is pretty safe! I can't say any more because then I would be lying to you...
    - website

  7. #7
    SitePoint Member
    Join Date
    May 2003
    Location
    UK
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I got it now .Thanks for explaining this.

    svan

  8. #8
    SitePoint Addict The Mog's Avatar
    Join Date
    Dec 2002
    Location
    Manchester UK
    Posts
    310
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    just a quick note

    if your ip is 10.0.0.X
    or
    192.168.0.x

    it is very difficult to forge these addresses because they are internal ip addresses

    however if you run a router and the person can Hack into your network he/she could always spoof his ip to reflect the one of the internal network.

    however then he/she would be a uber hacker and not a script kiddy

    The Mog


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •