Fall Sale! Code FALL2024 takes 25% OFF our Pro Plugins & Books »
Web Dev + WordPress + Security

Temporary PHP Redirect: Allow Multiple IP Access and Redirect Everyone Else

[ Image: Abstract Mathematical Diagram ] In my previous article on temporarily redirecting visitors during site updates, I present numerous PHP and HTAccess methods for handling traffic during site maintenance, updates, and other temporary periods of downtime. Each of the PHP methods presented in the article allow for access from a single IP while redirecting everyone else. In this article, we modify our previous techniques to allow access for multiple IP addresses while temporarily redirecting everyone else to the page of our choice. Plus, while we’re at it, we’ll explore a few additional ways to adapt and use the general technique.

Option One — Quick & Dirty

This is the easiest way to inform your visitors that the site is temporarily unavailable. Especially useful for quick site updates, this code will return a “503 Service UnavailableHTTP status code to the client device while displaying a customized message informing visitors that a site update is in progress. Simply edit the following code with the allowed IP addresses and place at the very beginning of your header.php file:

<?php $allow = array("123.456.789", "456.789.123", "789.123.456");

if(!in_array($_SERVER['REMOTE_ADDR'], $allow) && !in_array($_SERVER["HTTP_X_FORWARDED_FOR"], $allow)) {

	$retry = 60 * 60; // = 60 minutes

	header("HTTP/1.1 503 Service Unavailable");

	header("Retry-After: $retry");

	echo "<h1>Site update in progress - Please return in 60 minutes!</h1>";

	exit();

} ?>

Here are the items you should customize for the previous code to function properly:

  • Edit the value for the “$allow” variable in the first line to include the various IP addresses for which you would like to allow; all other IPs will receive the update message and accompanying status code.
  • Edit the value of “$retry” variable in the third line to reflect the amount of time that should transpire before the client/visitor should revisit your site.
  • If desired, edit the temporary “maintenance message” in the sixth line with whatever text, markup, or script you wish.

Option Two — Full Meal Deal

This method is more flexible in that it provides a temporary redirect to an alternate location. This is useful when you would like to send your visitors to a completely customized maintenance page or to a preexisting page on a different domain. As before, this method also delivers a “503 Service UnavailableHTTP status code to the client and instructs a revisit after the specified period of time. To throw it down, first edit the next code block according to the list below and place at the top of your header.php file:

<?php $allow = array("123.456.789", "456.789.123", "789.123.456");

if(!in_array($_SERVER['REMOTE_ADDR'], $allow) && !in_array($_SERVER["HTTP_X_FORWARDED_FOR"], $allow)) {

	header("Location: http://domain.tld/path/custom.php");

	exit();

} ?>

..then, edit and paste this code into the top of your customized maintenance page (e.g., custom.php):

<?php $retry = 60 * 60; // = 60 minutes

   header("HTTP/1.1 503 Service Unavailable");

   header("Retry-After: $retry");

?>

Here are the items you need to customize for the previous method to function properly:

  • Edit the value for the “$allow” variable in the first line to include the various IP addresses for which you would like to allow; all other IPs will receive the update message and accompanying status code.
  • Edit the “("Location: http://..)” in the third line to reflect the location of your customized maintenance page.
  • Edit the value of “$retry” variable in the third line to reflect the amount of time that should transpire before the client/visitor should revisit your site.

Option Three — Combo Pack

Our third method for redirecting site visitors during updates and maintenance is somewhat of a hybrid of the first two methods. As before, we are redirecting visitors to an alternate location, only this time we are replacing the content of the target maintenance page with an informative message. This option provides yet another degree of flexibility by enabling you to redirect and replace content on the fly. To set it off, edit and drop this first code chunk into the top of your header.php file:

<?php $allow = array("123.456.789", "456.789.123", "789.123.456");

if(!in_array($_SERVER['REMOTE_ADDR'], $allow) && !in_array($_SERVER["HTTP_X_FORWARDED_FOR"], $allow)) {

	header("Location: http://domain.tld/path/custom.php");

	exit();

} ?>

..and then edit (if needed) and slap this bad boy at the beginning of your target page (i.e., custom.php):

<?php $retry = 60 * 60; // = 60 minutes

	header("HTTP/1.1 503 Service Unavailable");

	header("Retry-After: $retry");

	echo "<h1>Site update in progress - Please return in 60 minutes!</h1>";

	exit();

?>

Here are the items you need to customize for the previous method to function properly:

  • Edit the value for the “$allow” variable in the first line to include the various IP addresses for which you would like to allow; all other IPs will receive the update message and accompanying status code.
  • Edit the “("Location: http://..)” in the third line to reflect the location of your customized maintenance page.
  • Edit the value of “$retry” variable in the third line to reflect the amount of time that should transpire before the client/visitor should revisit your site.
  • If desired, edit the temporary “maintenance message” in the sixth line with whatever text, markup, or script you wish.

Additional Ideas and Implementations

While thinking of different ways to use this PHP redirect technique, the first thing that comes to mind is a PHP variation of this HTAccess method for redirecting select visitors to alternate pages. To do this, we need to modify the second line of the second method as follows:

<?php $deny = array("123.456.789", "456.789.123", "789.123.456");

if(in_array($_SERVER['REMOTE_ADDR'], $deny) || in_array($_SERVER["HTTP_X_FORWARDED_FOR"], $deny)) {

	header("Location: http://domain.tld/path/alternate-page.php");

	exit();

} ?>

As before, edit that code and place it into into the header of any page(s) for which you would like to restrict access. Keep in mind, however, that this time the IP addresses listed in the array are being blocked. After editing the IP array, simply change the header location in the third line to whatever alternate URL you wish.

Other ideas for this code involve using the code to blacklist an array of IP addresses from site access. You could also use this code to selectively allow certain IPs to various target pages on your site. The take home message here is that this general technique enables you to redirect, restrict, or allow access in a selective manner for any number of pages or directories throughout your site. If you have alternate methods or ideas for implementation, please share by leaving a comment below. Cheers!

About the Author
Jeff Starr = Web Developer. Security Specialist. WordPress Buff.
The Tao of WordPress: Master the art of WordPress.

13 responses to “Temporary PHP Redirect: Allow Multiple IP Access and Redirect Everyone Else”

  1. Web Design Directory UK 2009/01/26 2:25 am

    The quick and dirty version will do me just fine lol.. I wonder if you could help me sort my directory so it has friendly URLS? :-)

  2. Perhaps.. are you using any particular CMS for the design?

  3. Deliciousss! And efficient! Thank you!

  4. Jeff Starr 2009/06/28 7:52 am

    My pleasure, Tora — glad to be of service ;)

  5. Hi Jeff, I’m using this comment form although my question is off topic but couldn’t find anything related but the “(not) Stupid htaccess tricks”. I gotta say I’ve learned a lot from this site and have it as constant reference, really appreciate all your effort.

    Anyway, going to the question: is there a way to limit certain content to a given amount of views and after that it serves a different page? specifically, I want to limit the amount of flv videos people can watch and after that they’ll get served a “max limit of views reached” page. Hope that makes sense since my English isn’t the best

    Anyway, thanx again and looking forward for your answer

    Best regards

    Fabio

  6. Jeff Starr 2009/07/12 4:23 pm

    Hi Fabio, that’s a new one for me — haven’t heard of any way to do that with HTAccess, but you should be able to find a way to do it with PHP or some other programming language. There is, however, a way to limit file-sizes with HTAccess, but I don’t think it would serve your purpose.

  7. Jeff,
    I have been trying and using this trick over the past couple weeks… I have found that using it when connected wirelessly or even plugged into a router does not work for me… it worked when I plugged directly into a modem but now I don’t have that luxury anymore so I am wondering if there is a trick to this I am missing?

    Thanks.
    Sam

  8. @Sam: one possibility is that your router is dynamically changing your IP address. If so, you would need to adjust the code accordingly to account for the different IPs/ranges.

  9. I’m using your code from your other post to allow my IP and redirect everyone else.

    order deny,allow
    deny from all
    allow from xx.xxx.xx.xxx

    ErrorDocument 403 /maintenance.php

    order allow,deny
    allow from all

    It’s working great while I’m doing a complete reinstall of my WordPress blog.

    I have one challenge though. When I add posts with a mp3 file for a podcast, the PowerPress plugin code cannot verify the file unless I remove the htaccess rules.

    I have a lot of these to do and would like to do the verify and make sure everything is working perfectly before I allow access to the site.

    What IP address would I need to add to be able to let the PowerPress plugin work correctly?

    Thanks

  10. Jeff Starr 2010/03/05 4:14 pm

    @Matt1027: That should be the localhost IP, which is usually 127.0.0.0, if I remember correctly.

  11. Thank you for getting me going with that suggestion. What finally worked was adding the actual name of the server in addition to my IP address.

    allow from xx.xxx.xx.xxx servername.webhost.com

    Thanks again, very much!

  12. Awesome, Matt1027 — thanks for following up with your solution!

Comments are closed for this post. Something to add? Let me know.
Welcome
Perishable Press is operated by Jeff Starr, a professional web developer and book author with two decades of experience. Here you will find posts about web development, WordPress, security, and more »
GA Pro: Add Google Analytics to WordPress like a pro.
Thoughts
I disabled AI in Google search results. It was making me lazy.
Went out walking today and soaked up some sunshine. It felt good.
I have an original box/packaging for 2010 iMac if anyone wants it free let me know.
Always ask AI to cite its sources. Also: “The Web” is not a valid answer.
All free plugins updated and ready for WP 6.6 dropping next week. Pro plugin updates in the works also complete :)
99% of video thumbnail/previews are pure cringe. Goofy faces = Clickbait.
RIP ICQ
Newsletter
Get news, updates, deals & tips via email.
Email kept private. Easy unsubscribe anytime.