Block Multiple IP Addresses with PHP

Updated August 8, 2024 • 26 comments

[ Screenshot: The Legion of Doom ] Let’s face it. There’s just as much scum on the Internet as there is out there in the “real world.” Maybe even more, who knows. From scammers and spammers to scrapers and crackers, the Web is just crawling with all sorts of pathetic scumbags. As predictably random as much of the malicious activity happens to be, it is virtually guaranteed that you will be hounded by at least a few persistent IP addresses that, for whatever reason, have latched on and just won’t let go. Like evil parasites, they plague you night and day, haunting you and making your online life a living hell. Perhaps they leave endless spam comments; perhaps they are just mindless trolls giving you grief; or perhaps they continue to take flying stabs at the security of your website. Whatever the behavior, once you have determined that you need to block a collection of bad IPs, you have many ways to get the job done. Here is a simple way to blacklist multiple IP addresses with a little PHP magic..

Throw Down

Edit the following code with your blacklisted IPs and drop into the page or header file of your choice to enjoy immediate relief from relentless scumbags:

<?php $blacklist = array("123.456.789", "456.789.123", "789.123.456");

if(in_array($_SERVER['REMOTE_ADDR'], $blacklist)) {

	header("Location: http://domain.tld/path/custom.php");

	exit();

} ?>

Recap: edit the IPs in the first line to suit your needs. You will also want to edit the header path in the third line to reflect the location of your “special message” for the blocked IPs. This may be anything you wish: warm greetings, pictures of your bum, or even a virus unleashing the black death upon them. Whatever you do, have fun and be safe! ;) Alternately, if you don’t feel like taking the time to craft a loving page for your blocked frenz, replace the header URL in the third line with the viciously disturbing site of your choice. There are many great sites out there to choose from — so be creative!

Similar tutorial: How to Block IP Addresses with PHP »

Lastly, after you have carefully edited the PHP blacklist script according to your needs, place it into the top of your header.php file or web pages of your choice. Any page featuring this code will be inaccessible to the IP addresses blacklisted in the first line. So grab, gulp, and go! This code will keep those nasty chimps far away from your precious pages! ;)

blacklist ip tips tricks

About the Author

Jeff Starr = Creative thinker. Passionate about free and open Web.

26 responses to “Block Multiple IP Addresses with PHP”

Revive 2009/12/03 12:41 am

Thanks for the great post! I’ve been using a massive .htaccess file to block everything thing from ‘nasty’ bots to hackers, etc.. (I’m using a scripted errora page that notifies me of any 404/403/500 errors so we can correct them, etc. Great for those old pages you may have missed redirecting that someone is trying to get at or a search engine is seeking… and this shows me who is trying to access what – like some yahoo overseas trying to access phpmyadmin!).

But, after much trial and error, it seems to be catching some friendly IPs as well.. so, since the site is small, I implemented a pure PHP script that seems to be working great.. although only on the IPs, I haven’t implemented the bots yet. If you have any thoughts on implementing the bot detection through PHP, please let me know ;)

Here it is, in case you want to take a look:
http://pastebin.com/f126c494c

As you can see from the script, I’m sending them to a nice, action packed page (be fore warned if you click the link, it’ll crack you up – family friendly though!)

Cheers and thanks again for the great posts…

Jeff Starr 2009/12/08 12:02 am • Post Author

Awesome stuff, Revive – thanks for sharing. I’m going to check it out the next time I am working with my blacklists. Do you mind if I post an article on my findings, perhaps sharing the script with others in tutorial format?

revive 2009/12/08 12:54 am

Hey Jeff,

Absolutely ! Share anything you need.. everything I’ve learned has been gleaned from someone,.. and no knowledge is good knowledge unless it’s shared :D

Looking forward to seeing what you put together.. always learn a lot from your articles !
Thanks again for the consideration and compliments..

revive 2010/01/21 2:55 am

Hey Jeff,
Wasn’t sure if you had made any headway in adding the ‘bots’ to this blocking script..
I’ve got a good ‘list’ of bots I block when using htaccess, but I haven’t yet implemented them into the php script. Here’s the list I has so far (formatted for htaccess:

http://pastebin.com/f16180dd0

Cheers and looking forward to your post on this ;)

(Been too long that I’ve not kept up on my regular web readings, yours included,.. so getting back in the swing of things!)

Spruch 2010/05/20 12:02 am

Hello from Germany! May i quote a post a translated part of your blog with a link to you? I’ve tried to contact you for the topic Block Multiple IP Addresses with PHP – Perishable Press, but i got no answer, please reply when you have a moment, thanks, Spruch

Jeff Starr 2010/05/23 9:29 am • Post Author

@Spruch: Certainly, help yourself. I appreciate the link :)

If you could send the URL for your page, that would be awesome.

Thanks,
– Jeff

Mikey 2010/05/27 3:15 pm

Hi Jeff,

Thanks for the code, it’s great stuff! I am trying to implement something that records IPs to a text log file, then blocks them if they try to perform a function on my site (like entering a comment in comment box) a second time within a certain timeframe. Would you know of a fast way to achieve time-limited blocking?

Thanks.

Best wishes,

Mikey

Bao Nguyen 2011/07/18 10:24 pm

Hi,

Thanks for the great info. In fact what I want is a php script that do the redirection based on “range of IP”, say a subset of 123.4.x.y for example.

With this aim, I have managed to have the script that does what I want. Here is the script:

//////////nttranbao - redirect to URLabc if remote IP is not within range 192.168

$allow = array("192.168.0.", "123.4.");
$i=0;
$remote_addr = $_SERVER['REMOTE_ADDR'];
$allow_count = count($allow);
while ((strpos($remote_addr, $allow[$i])=== false) && ($i<$allow_count)) {
$i++;
}

if ($i === $allow_count) {// remote IP NOT found in allowed list
header("location:URLabc);
exit();
}

Regards,
Bao

Bryan Nelson 2012/02/05 3:10 pm

Thanks for providing this code. I wanted to know Is there a way to block all ips except few. Do I have to write long array to achieve that? Please help

John M 2012/02/06 1:27 pm

@Bryan Nelson –

Just put the IP addresses you want in an array then run the same check as above essentially as:

$goodips = array('192.168.0.1','192.168.0.2');

if(!in_array($ipofvisitor, $goodips)) {
//send the visitor an error message or new header location
}

Sarah 2012/05/18 1:45 pm

nice way of blocking IP addresses, easily understandable and helped me a lot
thanks for sharing

Pol smythe 2012/05/30 4:04 am

Very nice way of blocking addresses. Just getting a bit concerned my blocking list is getting big.

Is there anyway to block entire subnets? Say block the entire 24. range, but still allow somebody on 1.24.1.1 through?

My understanding is the array compare will flag the 2 above as failures. Ideally I want a “Left” array compare

Comments are closed for this post. Something to add? Let me know.

Revive 2009/12/03 12:41 am

Thanks for the great post! I’ve been using a massive .htaccess file to block everything thing from ‘nasty’ bots to hackers, etc.. (I’m using a scripted errora page that notifies me of any 404/403/500 errors so we can correct them, etc. Great for those old pages you may have missed redirecting that someone is trying to get at or a search engine is seeking… and this shows me who is trying to access what – like some yahoo overseas trying to access phpmyadmin!).

But, after much trial and error, it seems to be catching some friendly IPs as well.. so, since the site is small, I implemented a pure PHP script that seems to be working great.. although only on the IPs, I haven’t implemented the bots yet. If you have any thoughts on implementing the bot detection through PHP, please let me know ;)

Here it is, in case you want to take a look:
http://pastebin.com/f126c494c

As you can see from the script, I’m sending them to a nice, action packed page (be fore warned if you click the link, it’ll crack you up – family friendly though!)

Cheers and thanks again for the great posts…
Jeff Starr 2009/12/08 12:02 am • Post Author

Awesome stuff, Revive – thanks for sharing. I’m going to check it out the next time I am working with my blacklists. Do you mind if I post an article on my findings, perhaps sharing the script with others in tutorial format?
revive 2009/12/08 12:54 am

Hey Jeff,

Absolutely ! Share anything you need.. everything I’ve learned has been gleaned from someone,.. and no knowledge is good knowledge unless it’s shared :D

Looking forward to seeing what you put together.. always learn a lot from your articles !
Thanks again for the consideration and compliments..
revive 2010/01/21 2:55 am

Hey Jeff,
Wasn’t sure if you had made any headway in adding the ‘bots’ to this blocking script..
I’ve got a good ‘list’ of bots I block when using htaccess, but I haven’t yet implemented them into the php script. Here’s the list I has so far (formatted for htaccess:

http://pastebin.com/f16180dd0

Cheers and looking forward to your post on this ;)

(Been too long that I’ve not kept up on my regular web readings, yours included,.. so getting back in the swing of things!)
Spruch 2010/05/20 12:02 am

Hello from Germany! May i quote a post a translated part of your blog with a link to you? I’ve tried to contact you for the topic Block Multiple IP Addresses with PHP – Perishable Press, but i got no answer, please reply when you have a moment, thanks, Spruch
Jeff Starr 2010/05/23 9:29 am • Post Author

@Spruch: Certainly, help yourself. I appreciate the link :)

If you could send the URL for your page, that would be awesome.

Thanks,
– Jeff
Mikey 2010/05/27 3:15 pm

Hi Jeff,

Thanks for the code, it’s great stuff! I am trying to implement something that records IPs to a text log file, then blocks them if they try to perform a function on my site (like entering a comment in comment box) a second time within a certain timeframe. Would you know of a fast way to achieve time-limited blocking?

Thanks.

Best wishes,

Mikey
Bao Nguyen 2011/07/18 10:24 pm

Hi,

Thanks for the great info. In fact what I want is a php script that do the redirection based on “range of IP”, say a subset of 123.4.x.y for example.

With this aim, I have managed to have the script that does what I want. Here is the script:

//////////nttranbao - redirect to URLabc if remote IP is not within range 192.168

$allow = array("192.168.0.", "123.4.");
$i=0;
$remote_addr = $_SERVER['REMOTE_ADDR'];
$allow_count = count($allow);
while ((strpos($remote_addr, $allow[$i])=== false) && ($i<$allow_count)) {
     $i++;
}

if ($i === $allow_count) {// remote IP NOT found in allowed list
     header("location:URLabc);
     exit();
}

Regards,
Bao
Bryan Nelson 2012/02/05 3:10 pm

Thanks for providing this code. I wanted to know Is there a way to block all ips except few. Do I have to write long array to achieve that? Please help
John M 2012/02/06 1:27 pm

@Bryan Nelson –

Just put the IP addresses you want in an array then run the same check as above essentially as:

$goodips = array('192.168.0.1','192.168.0.2');

if(!in_array($ipofvisitor, $goodips)) {
//send the visitor an error message or new header location
}
Sarah 2012/05/18 1:45 pm

nice way of blocking IP addresses, easily understandable and helped me a lot
thanks for sharing
Pol smythe 2012/05/30 4:04 am

Very nice way of blocking addresses. Just getting a bit concerned my blocking list is getting big.

Is there anyway to block entire subnets? Say block the entire 24. range, but still allow somebody on 1.24.1.1 through?

My understanding is the array compare will flag the 2 above as failures. Ideally I want a “Left” array compare

« Previous Comments • 123 • Newer Comments »