How to Block IP Addresses with PHP
![[ Image: Skeletor Blocks a Move ]](https://perishablepress.com/wp/wp-content/images/2007/misc-chunks/block-senders.jpg "'Sorry, but access is NOT allowed - ha ha ha ha ha!'")
Figuratively speaking, hunting down and killing spammers, scrapers, and other online scum remains one of our favorite pursuits. Once we have determined that a particular IP address is worthy of banishment, we generally invoke the magical powers of htaccess to lock the gates. When htaccess is not available, we may summon the versatile functionality of PHP to get the job done.
This method is straightforward. Simply edit, copy and paste the following code example into the top of any PHP for which you wish to block access:
<?php $deny = array("111.111.111", "222.222.222", "333.333.333");
if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) {
header("location: https://example.com/");
exit();
} ?>The code basically creates an array of the IP addresses that you wish to block, and then checks incoming addresses against the array. If the incoming (i.e., remote) address matches against any value in the array, the function will deny access with a redirect header to the specified URL, which in this case is the majestic Google home page. It all happens quickly behind the scenes.
Usage
When using this code in your pages, simply replace the “dummy” IP addresses (i.e., "111.111.111", "222.222.222", ...) with those that you wish to block (e.g., "123.456.789", "123.456.*", "123.*", ...). Yes, PHP understands wildcard operators (i.e., *). Also you may want to change the redirect location. Currently it is set to https://example.com/, so feel free to change that to whatever URL is desired.
After making any changes, upload the file to your server. If you would like to verify this method, simply lookup your own IP address, add it to the array, and try loading the target page. That’s all there is to it — “grab, gulp, and go”.
Using this method, you may also wish to create a customized page to which blocked addresses are redirected, perhaps to explain the situation, provide contact information, or display a macro shot of your greasy bum, or perhaps send them to the blackhole.
109 responses to “How to Block IP Addresses with PHP”
I have found that your code doesn’t work well with wildcards at all. I still use the
in_array()function check because for exact matches it is quicker but if you are blocking a range of IPs with wildcards then you need to use theeregi()function and check each item in your array separately for example:[ Editor’s note: code example gobbled by WordPress ]
JRSofty,
Please repost! Your code example was gobbled up by WordPress.. Either wrap each line in
<code>tags or enclose the whole lot in both pre and code tags:<pre><code>. We would love to hear your findings regarding this method. :)My pleasure! Thanks for the positive feedback ;)
Simple, and easy to understand, even for ME!! I’ve been getting spammed from lots of people adding ridiculous off-topic comments (usually selling something) on my site… This should help me screen them out!
Thanks for the tip!!
Sorry about that here is what I am using
if(in_array($_SERVER['REMOTE_ADDR'],$bannedIP)) {// this is for exact matchesheader("Location: {$registry['bannedRedirect']}");exit();} else {// this is for wild card matchesforeach($bannedIP as $ip) {if(eregi($ip,$_SERVER['REMOTE_ADDR'])) {header("Location: {$registry['bannedRedirect']}");exit();}}}Thank you for reposting, JRSofty! I will definitely be experimenting with this method and I am quite sure that it will help people who are dealing with wildcards. Thanks again for sharing your technique with us ;)
If you get the warning that you can’t “modify header information” you can solve this by putting
<?php ob_start; ?>at the very top of your page.
Thanks for reminding us of that, Alex — it is definitely helpful! (Note: I repaired the code in your original comment and deleted the corrective follow-up) – Cheers!
Hello,
I block IPs with this php-code:
<?php $ips = array('123.456.7.8','123.456.7.9');if(in_array($_SERVER['REMOTE_ADDR'],$ips)) die( 'Access denied - Zugriff verweigert' ) ; ?>How can I block a full IP-Range with this Script? From 123.45.6.7 to 123.56.8.9?
Hi Fabian,
Check out JRSofty’s comment and use wildcard operators to block the specified IP range. List all specific and/or address blocks in an array and test accordingly. ;)
Cool. Thanks! It works fine.
But how can I build in an e-mail notify or a log-file?
Fabian, I am sure there are many ways to accomplish your scripting goals. I would recommend a good book on PHP or maybe even a Google search..