Some basic JavaScript IP blocking scripts and some notes on them...
OK...I can see why you might have some trouble with that script. It isn't really very user friendly.
It was more of a playing around kinda thing...but sinse the point has been raised I wrote a few that
I think would be of use and some notes about them...I hope this helps. I am assuming that the server
you are using has you set up to run scripts? Are you allowed to run server side includes? If so then read on...
1) I removed the confermation dialog box...
2) This script simply sends blocked IP's to a 'blocked.html' page.
3) If it is an allowed IP the browser will display the page content
<!-- START HTML HERE -->
<html>
<head>
<script language="JavaScript" type="text/javascript">
var jerk = 'blocked.html'; // Page you wanted blocked IP's to go to.
/*
JavaScript by Dave Lauderdale
Published at: www.digi-dl.com
*/
var ip = '<!--#echo var="REMOTE_ADDR"-->';
function goAway(){ location.href=jerk; }
// add as many as the lines below as you want
if (ip == '1.2.3.4') { goAway(jerk); }
if (ip == '1.2.3.4') { goAway(jerk); }
if (ip == '1.2.3.4') { goAway(jerk); }
</script>
</head>
<body>
Your page content here...
</body></html>
<!-- END HTML HERE -->
Possable security problems with this script:
1) All the user has to do is turn off scripting in his browser and the script will in effect be
turned off...then he would just view the page content anyway.
2) The banned visitor would most likely be able to pull the cached page out of his temporary folder
and view the HTML code that would make up your page after being redirected. You see the page has
to load in order for the script to do it's work...it might load a good bit of the actual HTML you
are trying to keep the banned people from seeing.
==================================================
Another way to write this script is below. This version will send banned IP's to one page and send allowed
IP's to another...but keep in mind this script also falls victim to the same vulnerabilities as the above
script. All one has to do is simply go to the page...even if they are banned and redirected to the banned
page a copy of the HTML file is still on the visitors hard drive. It wouldn't be to hard to get that file
and view the 'allowed.html' pages address and just go directly to it bypassing the script altogether. You
could encrypt / encode the Javascript keeping amateur code crackers from viewing the actual pages location
but this is really not much security.
<script language="JavaScript" type="text/javascript">
var jerk = 'blocked.htm'; // Page you wanted blocked IP's to go to.
var stay = 'allowed.html'; // Page you wanted allowed IP's to go to.
/*
JavaScript by Dave Lauderdale
Published at: www.digi-dl.com
*/
var ip = '<!--#echo var="REMOTE_ADDR"-->';
function goAway(){ location.href=jerk; }
// add as many as the lines below as you want
if (ip == '1.2.3.4') { goAway(jerk); }
if (ip == '1.2.3.4') { goAway(jerk); }
if (ip == '1.2.3.4') { goAway(jerk); }
else { location.href=stay; }
</script>
Final notes: I would look into using a PHP or Perl script to handle these types of things...And really
you have to keep in mind that you can block the IP address but you can't stop the visitor from accessing
your site via a proxy...or can you :)
| 