send specific visitor (IP) a special page?

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

send specific visitor (IP) a special page?

Postby wvoyance » Wed May 30, 2012 7:38 am

I know I can block some specific IP by
order allow,deny
deny from 210.242.215.197/32
allow from all

But could I send them a specific page?
Those visitors are really nuscent I want to tell them do not come again. :roll:
User avatar
wvoyance
Forum Contributor
 
Posts: 134
Joined: Tue Apr 17, 2012 8:24 pm

Re: send specific visitor (IP) a special page?

Postby Celauran » Wed May 30, 2012 8:08 am

Why not use a PHP header redirect?

Syntax: [ Download ] [ Hide ]
header('Location: foo');
User avatar
Celauran
Moderator
 
Posts: 3119
Joined: Tue Nov 09, 2010 3:39 pm
Location: Montreal, Canada

Re: send specific visitor (IP) a special page?

Postby wvoyance » Wed May 30, 2012 10:18 am

Celauran wrote:Why not use a PHP header redirect?

Syntax: [ Download ] [ Hide ]
header('Location: foo');


Then, they can still access other pages, to my understanding.
User avatar
wvoyance
Forum Contributor
 
Posts: 134
Joined: Tue Apr 17, 2012 8:24 pm

Re: send specific visitor (IP) a special page?

Postby Celauran » Wed May 30, 2012 10:33 am

Not necessarily. You can easily put the blacklist code in one of your included files or your front controller, depending on how your site is set up. In either scenario, every request will see this code called and the undesirables redirected away. Unless, of course, they come in through a proxy of some sort.
User avatar
Celauran
Moderator
 
Posts: 3119
Joined: Tue Nov 09, 2010 3:39 pm
Location: Montreal, Canada

Re: send specific visitor (IP) a special page?

Postby wvoyance » Thu May 31, 2012 6:44 am

Celauran wrote:Why not use a PHP header redirect?

Syntax: [ Download ] [ Hide ]
header('Location: foo');


Could this command redirect only some visitor, not all?
I would like to redirect some visitor :P
User avatar
wvoyance
Forum Contributor
 
Posts: 134
Joined: Tue Apr 17, 2012 8:24 pm

Re: send specific visitor (IP) a special page?

Postby Celauran » Thu May 31, 2012 8:43 am

Well yes, of course. Wrap it in a conditional.
User avatar
Celauran
Moderator
 
Posts: 3119
Joined: Tue Nov 09, 2010 3:39 pm
Location: Montreal, Canada

Re: send specific visitor (IP) a special page?

Postby VladSun » Fri Jun 08, 2012 9:34 am

Syntax: [ Download ] [ Hide ]
header('Location: foo');
exit(); // !!!!
User avatar
VladSun
DevNet Master
 
Posts: 4294
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: send specific visitor (IP) a special page?

Postby pickle » Fri Jun 08, 2012 9:50 am

I believe you can do it in mod_rewrite & therefore in your .htaccess file like your original post:

Syntax: [ Download ] [ Hide ]
  1. RewriteCond %{REMOTE_HOST} ^210\.242\.215\.197 
  2. RewriteRule .* /offline.php [R=302,L] 


I'm not entirely sure how to do it with IP ranges though
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
pickle
Briney Mod
 
Posts: 6428
Joined: Mon Jan 19, 2004 7:11 pm
Location: 53.01N x 112.48W

Re: send specific visitor (IP) a special page?

Postby Celauran » Fri Jun 08, 2012 9:54 am

The problem with using .htaccess is that you'd need a new entry for each IP or CIDR value versus being able to query a database if you do it in PHP.
User avatar
Celauran
Moderator
 
Posts: 3119
Joined: Tue Nov 09, 2010 3:39 pm
Location: Montreal, Canada

Re: send specific visitor (IP) a special page?

Postby wvoyance » Fri Jun 08, 2012 7:43 pm

Is every sub-directory which has an index.php need a .htaccess?

I put a .htaccess as the root directory but does not seems to be able to prevent access of some directories.
Put more .htaccess at those directories seems become o.k.
I found those directories seems all contain an index.php
User avatar
wvoyance
Forum Contributor
 
Posts: 134
Joined: Tue Apr 17, 2012 8:24 pm

Re: send specific visitor (IP) a special page?

Postby pickle » Mon Jun 11, 2012 9:47 am

No, an .htaccess file is supposed to be applied to every subdirectory. I'm not sure if there are Apache directives that can be changed which make .htaccess only apply to the current directory, but I've always had them apply to ancestor directories.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
User avatar
pickle
Briney Mod
 
Posts: 6428
Joined: Mon Jan 19, 2004 7:11 pm
Location: 53.01N x 112.48W


Return to PHP - Security

Who is online

Users browsing this forum: No registered users and 3 guests