Banning or allowing IP addresses... 1

[canajun]

I have a script which checks the users ip, then checks a db to see if it is in it, and if it is, routes the user to a specific page, therefore denying access to a restricted area.

The db is a .txt file, and uses ranges of ip's (ie 123.45.) and bans all ips under it. Rather than listing all the ips to ban, I would rather ban the range, but allow certain ips withing that banned range.. (ie ban 123.45.xxx.xxx, but allow 123.45.22.1)

Here is the script that is in use..
*******
sub CheckBadIP{
open(DB,"../admindir/badip.txt"
while(<DB>){
chomp;
$ip{$_} = 1;
}
close DB;

#print &quot;\n&quot;;
$badip = 0;
foreach $i (keys %ip){
next if (!$i);
$i =~ s/\./\\./g;
($ENV{'REMOTE_ADDR'} =~ /^$i/)&&($badip=1);
# print &quot;($ENV{'REMOTE_ADDR'} =~ /$i/)&&($badip=1);\n&quot;;
}

if($badip){
&SendEmailError;
print &quot;Location: /sorry.htm\n\n&quot;;
exit;
}
}

*******
so what I would like, is to have another .txt db named goodip.txt that would check if in bad range, and allow if in goodip.txt

Does this make sense?

Thanks for any help..

 

[danielhozac]

That isn't very hard. Something like this should do:

sub CheckBadIP{
open(DB,"../admindir/badip.txt");
while(<DB>){
  chomp;
  $ip{$_} = 1;
  }
close DB;
open(DB,&quot;../admindir/goodip.txt&quot;);
while(<DB>){
  chomp;
  $goodips{$_} = 1;
  }
close DB;

#print &quot;\n&quot;;
$badip = 0;
foreach $i (keys %ip){
  next if (!$i);
$i =~ s/\./\\./g;
  ($ENV{'REMOTE_ADDR'} =~ /^$i/)&&($badip=1);
}
foreach $i (keys %goodips){
  next if (!$i);
  $badip = 0 if ($ENV{'REMOTE_ADDR'} eq $i);
}

if($badip){
  &SendEmailError;
  print &quot;Location: /sorry.htm\n\n&quot;;
  exit;
  }
}

//Daniel

 

[canajun]

That worked great Daniel, Thanks!

Now I am trying to get it to email me when someone from the &quot;goodips&quot; accesses the site... I modified the script, but get a 500 error.. where did I go wrong?

*********
sub CheckBadIP{
open(DB,&quot;../admindir/badip.txt&quot;
while(<DB>){
chomp;
$ip{$_} = 1;
}
close DB;
open(DB,&quot;../admindir/goodip.txt&quot;
while(<DB>){
chomp;
$goodips{$_} = 1;
}
close DB;

#print &quot;\n&quot;;

$badip = 0;
foreach $i (keys %ip){
next if (!$i);
$i =~ s/\./\\./g;
($ENV{'REMOTE_ADDR'} =~ /^$i/)&&($badip=1);
}
foreach $i (keys %goodips){
next if (!$i);
$badip = 0 if ($ENV{'REMOTE_ADDR'} eq $i);
}

if($goodips){
&SendEmailRest;
print &quot;Location: /members/t_index.html\n\n&quot;;
exit;
}
}

if($badip){
&SendEmailError;
print &quot;Location: /sorry.htm\n\n&quot;;
exit;
}
}

sub SendEmailRest{
open(MAIL,&quot;|/usr/sbin/sendmail -t&quot;
print MAIL <<&quot;EOF&quot;;
To: rb\@xxx.ca
From: rb\@xxx.ca
Subject: Restricted IP Address

The following user: $ENV{'REMOTE_USER'}
Is accessing the website from: $ENV{'REMOTE_ADDR'}

EOF
close MAIL;
}

sub SendEmailError{
open(MAIL,&quot;|/usr/sbin/sendmail -t&quot;
print MAIL <<&quot;EOF&quot;;
To: rb\@xxx.ca
From: rb\@xxx.ca
Subject: Rejected IP Address

The following user: $ENV{'REMOTE_USER'}
Is being rejected from: $ENV{'REMOTE_ADDR'}

EOF
close MAIL;
}

*******

 

[danielhozac]

Change

if($goodips){

to read

if(!$badip){

//Daniel

 

[canajun]

OK.. I did that, but now I get an email whenever anybody from any IP logs in.. note the two different subs.. &SendEmailRest and &SendEmailError

What I want is if someone from the badip db attempts to log in, &SendEmailError is called

If someone from goodip db logs in, &SendEmailRest is called.

All other IP just carry on, and get access without any interventions..

I think,(but obviously not sure) that we need to create a variable for goodips..

Thanks again, you have been a great help to this beginner!


sub CheckBadIP{
open(DB,&quot;../admindir/badip.txt&quot;
while(<DB>){
chomp;
$ip{$_} = 1;
}
close DB;
open(DB,&quot;../admindir/goodip.txt&quot;
while(<DB>){
chomp;
$goodips{$_} = 1;
}
close DB;

#print &quot;\n&quot;;
$badip = 0;
foreach $i (keys %ip){
next if (!$i);
$i =~ s/\./\\./g;
($ENV{'REMOTE_ADDR'} =~ /^$i/)&&($badip=1);
}
foreach $i (keys %goodips){
next if (!$i);
$badip = 0 if ($ENV{'REMOTE_ADDR'} eq $i);
}

if(!$badip){
&SendEmailRest;
print &quot;Location: /members/t_index.html\n\n&quot;;
}

if($badip){
&SendEmailError;
print &quot;Location: /sorry.htm\n\n&quot;;
exit;
}
}

 

[danielhozac]

Try changing

$badip = 0;
foreach $i (keys %ip){
  next if (!$i);
$i =~ s/\./\\./g;
  ($ENV{'REMOTE_ADDR'} =~ /^$i/)&&($badip=1);
}
foreach $i (keys %goodips){
  next if (!$i);
  $badip = 0 if ($ENV{'REMOTE_ADDR'} eq $i);
}

if(!$badip){
  &SendEmailRest;
  print "Location: /members/t_index.html\n\n";
  }

to

$badip = 0;
$goodip = 0;
foreach $i (keys %ip){
  next if (!$i);
$i =~ s/\./\\./g;
  ($ENV{'REMOTE_ADDR'} =~ /^$i/)&&($badip=1);
}
foreach $i (keys %goodips){
  next if (!$i);
  if ($ENV{'REMOTE_ADDR'} eq $i)
  {
    $badip = 0;
    $goodip = 1;
  }
}

if(!$badip && $goodip){
  &SendEmailRest;
  print "Location: /members/t_index.html\n\n";
  }

//Daniel

 

[canajun]

That seemed to do it Daniel..

Thanks for all your help!

Bob