Lite IP Filter” by Astrubal
version 1.0 – February 2010
http://astrubal.nawaat.org/ |
http://www.nawaat.org/
astrubal@gmail.com
nawaat@gmail.com

 

 
– What is “Lite IP Filter”?

 
Lite IP Filter is a PHP script that monitors and even blocks, if you choose to, IP ranges without using a database server. The script can also detect IPs behind proxies (except for proxies that are completely “silent”).

 
– Why “Lite IP Filter”?

 
Many situations may require the use of “Lite IP Filter”, including:

 
If you are uncomfortable with the htaccess file, “Lite IP Filter” can block spammers and those who repetitively try to harm your site.

 
You can have a blog, but do not have access to the web server logs, in this case, you can use “Lite IP Filter” to log all visits by summarizing the Internet to a single IP rang “0.0.0.0 255.255.255.255. If you will be using it for this exact purpose, make sure not to activate the blocking options explained below.

 
For legitimate reasons, you can also block visitors from one or several countries at once. And this script has been developed specifically to deny access to my blog (astrubal.nawaat.org), “nawaat.org” blogs and my friend’s blog Sami Ben Gharbia (kitab.nl) to the Tunisian Internet police. Since these blogs are already censored in Tunisia, the only IPs that can reach them are theoretically those of the censorship bureaucrats who are spying on us . So, why not denying access to all IPs coming fom Tunisia without proxies, as they are certainly unwanted on our blogs.

The enlarged image below is a screenshot of the block page that is displayed now to the Tunisian Internet police when trying to access our blogs:

forbidden-image-article.jpg

Please note that “Lite IP Filter” comes with a default image for the block page (forbidden-ip.html) which you can customize depending on your own preference.

 
Installation

 
Upload Lite-ip-filter folder to your website root folder.

This must be your root web folder and not your ftp root hosting account.

 
Let’s say that your website root folder is
“/home/subfolder/whatever/www/MyDomain.org/

 
then “Lite-ip-filter” folder must be placed inside the “MyDomain.org” folder. And even if your blog might be served from a subdirectory of the website root folder, “Lite-ip-filter” must always be placed at the website root folder.
For example:
if your URL’s blog is “http://www.MyDomain.org/MyNiceBlog/”, “Lite-ip-filter” folder must, as well, be placed inside the “MyDomain.org” folder.

 
To prevent log files (“ip-filter-log.txt” and “RawReq-log.txt“) to be accessible from a web browser, you must ABSOLUTELY set their chmod to “600” (“rw——-“). If you dont know how to do this, google it and meanwhile, please, DONT install this script.

 
Then, to activate the script, insert at the top of your blog loading page the following two lines (just after “<?php“):

 


$IpfilterPathfile=$_SERVER[‘DOCUMENT_ROOT’].”/Lite-ip-filter/Lite-ip-filter.php”;
if (file_exists($IpfilterPathfile)){require_once($IpfilterPathfile);}

 
For example, if your self-hosted blog is using WordPress, insert these two lines at the top of “wp-blog-header.php” file (after “<?php”).

 
If your site is managed by another CMS and it does not contain a global code loader entry, then insert these two lines at the top of each php template file (index.php, article.php, post.php, printer.php , etc.).

 
Please notice that if the script is not installed in the right folder, it will silently fail to load without affecting your website.

 
– Lite IP Filter Settings

 

$DenyIpAccess=false/true;
By default “Lite IP Filter” does not block IPs, it only logs them if they match the $DecimalIpRanges array (see the array below). To block access to the listed IP Ranges, you need to set $DenyIpAccess=true;
The log format is as follows:
         Visitor IP => Proxy IP => Date => requested page => Referer => Browser UA

 

$DetectBehindProxy=true/false;
When Set to”false”, IPs behind proxies are not logged
When set to “true” IPs are only logged. Denying access is set in the next var.

 

$DenyIpAccessBehindProxy=false/true;
If set to true, IPs behind proxies (that match IP ranges) will be blocked.

 

$ExtendedLog=false/true;
When $ExtendedLog is set to “true”, an additional verbose log (“RawReq-log.txt“) will be created.

 

$DecimalIpRanges= array(
2886729728 2886729759“,// Example for 172.16.0.0-172.16.0.31
2886731520 2886731775“// Example for 172.16.7.0-172.16.7.255
);
 
Insert in the $DecimalIpRanges array decimal IP ranges. IP ranges MUST be sorted in ascending order. Each IP Range values (starting IP, ending IP) must be separated by a single space. The script was written to run as fast as possible. Therefore, it does not perform any formatting verification. So please make sure to respect this formatting when you insert the IP ranges.

 

Lite IP Filter was designed to have the smallest fingerprint on your server, even when you are filtering thousands of IP ranges (potentially hundreds of millions of IPs) without using a database server. That’s why, it is essential that the array $DecimalIpRanges is sorted in an ascending order.

 
To facilitate the use of “Lite IP Filter”, you can use “IP Range Tool“, a software that I developped for this purpose and wich contains the World Wide IP data from the top 5 Regional Internet Registries (Afrinic , APNIC, ARIN, IANA, LACNIC, Ripencc).You can dowload “IP Range Tool” from here (Mac, Windows and Linux).

 

IP Range Tool” provides, with a single click, the IP ranges for any country, including their decimal format, sorted in proper order and ready to be inserted in this script by copy/paste. And beyond the needs of “Lite IP Filter”, “IP Range Tool” has also many other nice features to deal with IP ranges.

 

 



“Launch IP Range Tool”, then ensure that
“Disable Decimal Conversion” checkbox is unchecked.
Click the country of your choice … For the example, we will choose Tunisia.


 



Copy the IP ranges in decimal format from the right text field.
(To copy, use the right click or alternatively,
press the button “Copy all converted IPs” at the top right).



 

 


Then go on your script file “Lite-ip-filter.php
and paste the result between the two parentheses “( )”
of the $DecimalIpRanges array.


 

 

In addition, “IP Range Tool” allows to get IP ranges from several countries at once, as well as converting your own IP ranges from different formats.

 


If you want to display multiple countries at once,
please use the “Search by ISO code” menu item and make sure
Get IP ranges” radio button on the search form is checked.



 

 



To make your own ip range list in the format of your choice, you can use the batch converter
(menu Tool>Batch Converter). Many options are available, including htaccess “allow/deny” directive.

 




To manage single conversions, please click on the menu “Tools> Single converter …”

 

 

LiteIpFilterDownload.jpg

DownloadLite IP Filter” a PHP script that monitors and even blocks, if you choose to, IP ranges without using a database server. Lite-ip-filter_1.0.zip (zip).

IP-rangetool-download.jpg

 
If you need to download “IP Range Tool“, (Mac Windows et Linux) :


IP Range Tool 1.0 Windows (2000/XP/VISTA/7) (zip)

IP Range Tool 1.0 Mac OS X (universal pour 10.4+) (zip)

IP Range Tool 1.0 Linux (x86-based avec GTK+ 2.8+ glibc-2.4,libstdc++.so.6, CUPS) (zip)

 
After downloading, no installation is needed … Just unzip and run IP Range Tool 1.0.exe on Windows/Linux and “IP-Range-Tool.app” on Mac.
If necessary, uninstall the software by simply dragging the application folder to the trash.

 

Astrubal
The current English post about the Lite IP Filter has ben published on March 8th, 2010. See the original post in French.

http://astrubal.nawaat.org/

www.nawaat.org

 
Bug reports and suggestions are welcome at:
astrubal@gmail.com
nawaat@gmail.com

Inscrivez-vous

à notre newsletter

pour ne rien rater de nawaat.org

Leave a Reply

Your email address will not be published.