IP ban in php

Hello, I am trying to make an IP ban system in PHP. This is the code I have so far (replace with a real IP)

$ip = explode(",", $_SERVER['HTTP_X_FORWARDED_FOR']);
$deny = array("");
  header("location: /Membership/NotApproved.php");

This is not working. What am I doing wrong?

“This is not working”
echo $_SERVER[‘HTTP_X_FORWARDED_FOR’] in your test code, make sure it contains what you think it contains… (X_FORWARDED_FOR is not always set…)

For some context I use Glitch for hosting.
The interesting part is that one my project page (without a custom domain) the code works but on my page with the custom domain it does not work.
$ip returns array on the custom domain page.

In what way? What does it do that it should not, or what does it not do, that it should?

It is suppost to redirect users with an IP in the array to another page.

And what does it do?


Try adding these lines to show the undefined error, test, clear the error, amend the script, report back with results:

declare (strict_types=1);
// your script

I am actually starting to think that this is an error with my host. I will contact them and will get back to you when I do that.

Why not try the script locally?

$_SERVER['HTTP_X_FORWARDED_FOR'] is a very specific header that is set when your server is behind a load balancer. If your server is not behind a load balancer but connected to the internet directly the header will not exist. In that case you should be looking at $_SERVER['REMOTE_ADDR'] instead.

1 Like

I’m on a chromebook that can only run static files locally.

This doesnt work on Glitch. I tried it in the past. I will have more on this after Glitch goes back up (it is down at the moment)

IP addresses can be spoofed, but that being said here’s a better detection script to start with:

declare(strict_types=1);  error_reporting(E_ALL);  ini_set('display_errors', 'On');

function getClientIpAddr() {
    $ip = '';
    if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
        $ip = $_SERVER['REMOTE_ADDR'];
    return $ip;

echo 'Client IP address: '. getClientIpAddr();

I read all the conversation, but still can’t find any solution anyone?

Unfortunately on forums, it’s sometimes the case that the OP finds a solution - either through the forum replies, or elsewhere - and doesn’t come back to update the original thread. Equally, the OP might still be trying to sort the problem out. This is why users are encouraged to expand on comments like “It’s OK, I sorted it”.

Sorry for no update! I did find a solution as the original script does work. Close thread!

Perhaps you would post the solution to help anyone who has the same problem in future @RiversideRocks?


First post at the top.

1 Like

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.