Textpattern CMS support forum
rah_ip_range
Block or allow visitors based on IP range.
Last edited by Gocom (2008-10-31 03:13:06)
#2 2008-10-31 16:52:49
- Nikolaos
- New Member
- Registered: 2006-11-02
- Posts: 7
Re: rah_ip_range
Hi Jukka, once again thank you for your great assistance and help!!
Can I ask if you can use the plugin to allow / deny multiple IP ranges? For example if we want to allow the IP ranges 100.100.0.1-59 and 111.111.0.1-59 can we use the tag twice in a page/section/form? If now we need to allow an IP range 100.100.0.1-59 but disallow the 111.111.0.1-59 are we going to use the tag twice for each case with different ‘method’?
I truly look forward to your answer.
Cheers!
Re: rah_ip_range
Nikolaos wrote:
If now we need to allow an IP range 100.100.0.1-59 but disallow the 111.111.0.1-59 are we going to use the tag twice for each case with different ‘method’?
As usual with Textpattern tags: yes. Basically in that case, disallow/allow specific ranges, but remember that the second tag won’t overwrite the first, so you can’t actually use a range that is within the first range.
<txp:rah_ip_range method="deny" fromip="80.etc" toip="90.etc" />
<txp:rah_ip_range method="deny" fromip="100.etc" toip="120.etc" />
Last edited by Gocom (2008-10-31 17:56:56)
#4 2008-11-03 15:25:23
- Nikolaos
- New Member
- Registered: 2006-11-02
- Posts: 7
Re: rah_ip_range
It seems that, regardless of the range family structure, the second tag is still not functional at all when the method is equal to ‘allow’.
For instance when I am using two completely different ranges:
<txp:rah_ip_range method="allow" fromip="129.000.1" toip="129.000.999" />
<txp:rah_ip_range method="allow" fromip="180.000.1" toip="180.000.99" />
The IPs of the range 180.etc cannot access the web page where the tag is positioned.
Any thoughts please??!
#6 2008-11-05 15:01:14
- Nikolaos
- New Member
- Registered: 2006-11-02
- Posts: 7
Re: rah_ip_range
Thanks Gocom!
Thus I have to use only one IP range for each page / form.
Thanks!
Re: rah_ip_range
Gocom, is it possible to use the tag multiple times if you’re using it to DENY a certain range?
If you wanted to allow only the ranges 10.0.0.0 – 10.255.255.255 and 192.168.0.0 – 192.168.255.255, then perhaps this would work:
<txp:rah_ip_range method="deny" fromip="0.0.0.0" toip="9.255.255.255" />
<txp:rah_ip_range method="deny" fromip="11.0.0.0" toip="192.167.255.255" />
<txp:rah_ip_range method="deny" fromip="192.169.0.0" toip="255.255.255.255" />
Although it would be easier if you could specify something like this (perhaps in a future plugin version?):
<txp:rah_ip_range method="allow" range="10.0.0.0/8, 192.168.0.0/16" />
or:
<txp:rah_ip_range method="allow" range="10.0.0.0-10.255.255.255, 192.168.0.0-192.168.255.255" />
Re: rah_ip_range
If you wanted to allow only the ranges 10.0.0.0 – 10.255.255.255 and 192.168.0.0 – 192.168.255.255, then perhaps this would work:
Yep, it would, as I was saying earlier ;)
Although it would be easier if you could specify something like this (perhaps in a future plugin version?):
Possibly (maybe) coming out somewhere when you least expect it :)
Offline
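The deny-only approach from the two posts above, as an added example (not part of the thread and not the plugin's code): it takes the allow-list in the CIDR or dash syntax wished for above and prints the stacked deny tags that produce the same result. The function names and the parsing are assumptions; only the method, fromip and toip attributes come from the thread.

```python
import ipaddress

MAX_IP = 2**32 - 1  # 255.255.255.255

def parse_range(spec):
    """Parse 'a.b.c.d/n', 'a.b.c.d-e.f.g.h' or a single IP into inclusive ints."""
    spec = spec.strip()
    if "/" in spec:
        net = ipaddress.IPv4Network(spec, strict=True)
        return int(net.network_address), int(net.broadcast_address)
    first, _, last = spec.partition("-")
    lo = int(ipaddress.IPv4Address(first.strip()))
    hi = int(ipaddress.IPv4Address((last or first).strip()))
    if lo > hi:
        raise ValueError(f"range start above range end: {spec}")
    return lo, hi

def deny_gaps(allowed_spec):
    """Return the (fromip, toip) ranges NOT covered by the allowed ranges."""
    spans = sorted(parse_range(s) for s in allowed_spec.split(","))
    gaps, cursor = [], 0
    for lo, hi in spans:
        if lo > cursor:                    # uncovered space before this range
            gaps.append((cursor, lo - 1))
        cursor = max(cursor, hi + 1)       # also merges overlapping ranges
    if cursor <= MAX_IP:                   # tail after the last allowed range
        gaps.append((cursor, MAX_IP))
    return [(str(ipaddress.IPv4Address(a)), str(ipaddress.IPv4Address(b)))
            for a, b in gaps]

def deny_tags(allowed_spec):
    """One deny tag per gap, using the attributes shown in the thread."""
    return ['<txp:rah_ip_range method="deny" fromip="%s" toip="%s" />' % gap
            for gap in deny_gaps(allowed_spec)]

def is_denied(ip, allowed_spec):
    """True if `ip` falls inside any generated deny range."""
    n = int(ipaddress.IPv4Address(ip))
    return any(int(ipaddress.IPv4Address(a)) <= n <= int(ipaddress.IPv4Address(b))
               for a, b in deny_gaps(allowed_spec))

if __name__ == "__main__":
    # Allow-list taken from the post above.
    print("\n".join(deny_tags("10.0.0.0/8, 192.168.0.0/16")))
```
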
#9 2008-11-17 05:47:33
- kazcor
- New Member
- Registered: 2008-11-17
- Posts: 2
Re: rah_ip_range
Hi,
first of all thanks for another great plugin :)
I’m trying to get MSNBot to stay out of some pages, and as it doesn’t seem to honor robots.txt, nor am I able to use htaccess for this, this plugin fits in perfectly. So basically I’m going with a small set of deny rules:
<txp:rah_ip_range fromip="64.4.0.1" toip="64.4.63.254" method="deny"/>
<txp:rah_ip_range fromip="65.52.0.1" toip="65.55.255.254" method="deny"/>
<txp:rah_ip_range fromip="207.46.0.1" toip="207.46.255.254" method="deny"/>
<txp:rah_ip_range fromip="207.68.128.1" toip="207.68.207.254" method="deny"/>
This is done at the very beginning of the default template currently used for all sections on my side. I’ve tested this with my own single ip and it correctly redirected me to the corresponding error page. However yesterday I got a visit from 65.55.105.197 that made it to an actual article and I have no clue why, because it should match the second rule. Any ideas? There are no other rules that might allow/override the ones mentioned above …
Thanks!
Re: rah_ip_range
kazcor wrote:
However yesterday I got a visit from 65.55.105.197 that made it to an actual article and I have no clue why, because it should match the second rule. Any ideas?
Bots do like to make URLs/paths up. Basically the bot might request the URL, but the bot will still see the error page, not the actual article. It’s been tested before. For example, if the bot once saw a search form on the website, it will always send random search queries to your server, no matter what. Another is that, for example, Googlebot tries to guess my section/article URLs by accident. By my experiments, a blog containing 350+ pages will get a mass amount of non-existing path tries, including random ?q=xxx, ?s=xxx, ?id=xxx etc., even random GETs, made-up URLs that sometimes are even indexed if you don’t deliver valid 404 pages. Search engines are magic, a lot of bandwidth-eating magic ;)
Not sure about MSNbot, but it should honor robots.txt; yes it will visit those pages (so do all other bots too, spam bots are even usually adjusted to try especially URLs contained in robots.txt), but it doesn’t index them.
Another possibility is that your server’s IPv4 converter sometimes fails (it does that) and suspected the IP to be outside of the range because of that, or PHP didn’t return the correct IP for the requester (shouldn’t happen so much) – if the bot really was in the article page.
#11 2008-11-17 15:10:34
- kazcor
- New Member
- Registered: 2008-11-17
- Posts: 2
Re: rah_ip_range
Gocom wrote:
Bots do like to make URLs/paths up. Basically the bot might request the URL, but the bot will still see the error page, not the actual article.
Of course, you’re right. I just tried this one with my IP and that’s exactly the way it works. I just was irritated by seeing the correct article URL and return code 200 in my txp log, but that’s of course not a proper indicator in this case as the plugin acts and behaves on a higher application level.
Not sure about MSNbot, but it should honor robots.txt; yes it will visit those pages (so do all other bots too, spam bots are even usually adjusted to try especially URLs contained in robots.txt), but it doesn’t index them.
Hmm, I was not aware of this. Thanks for explaining this so detailed :)
#12 2011-06-25 16:10:54
- Bill Grimm
- New Member
- From: Colorado
- Registered: 2010-01-25
- Posts: 8
Re: rah_ip_range
Would it be possible to modify this plugin to block just a certain form on a page from a malicious ip, and return an “Access Denied” message rather than using <txp:die>? I’d like to be able to use a conditional to determine whether or not to display the form’s contents to a user based on their ip. Thanks for your hard work!