Forum Moderators: mack
I need a javascript that will block a range of IP addresses from accessing my site.
I'm using this (that's my own IP, for an example):
<script language="javascript">
var ip = '<!--#echo var="REMOTE_ADDR"-->'
if (ip == '68.192.235.170') {
if (confirm("You are not permitted to access this page"))
{location.href="http://www.somesite.com/ceaseanddesist.html" } else { ("Goodbye."); {location.href="http://www.somesite.com/ceaseanddesist.html" }} }
</script>
That works great for a single IP...but I need to block one specific IP, plus anything from 65.113. and 65.114.
I did find one sample that specifies a range, and I've been messing with it all afternoon:
<!--#if expr="${REMOTE_ADDR} = /^24.55./" -->
<script language="javascript">
alert("STOP! You are not authorized to access this page!");
alert("Do not attempt to return, or your computer will begin a self-destruct sequence!");
if (confirm("Please leave now Or you will be forceably removed!"))
{location.href="http://www.google.com" } else { ("OK your choice, doesn't matter to me! SeeYa!"); {location.href="http://www.getalife.com" }}
</script>
<!--#endif -->
As I said, I can't find the thread I took this from, or I'd gladly post there. The script works fine - but it blocks everything. It seems there's an error in the if statement, but for the life of me after hours, I can't figure what it is.
I don't do a lot of scripting - the problem is I'm being harassed.
I don't have the option of doing this on the server.
Can anybody help?
Thanks,
Mary
[edited by: JamesR at 4:06 pm (utc) on July 16, 2003]
[edit reason] please try and use generic links, thanks! [/edit]
By the looks of it (not 100% sure) those aren't "pure" HTML / javascript - they are using some server-side functionality (Server Side Includes?), the reason for this is that javascript (as far as I know) cannot get access to IP address information for the client and so has to rely on getting it from the server side or at least a more advanced client-side language.
So the short answer appears to be that you can't use just javascript to achieve what you want, if you want to keep reading I'll explain why;
<sidenote>
Before I get sidetracked your multiple IP address question is easily solved using a regular expression such as; /^24\.55\.\d{1,3}\.\d{1,3}$/ - which is what some of your #if's are actually using!
Here's a working example of this (IP is hardcoded)
<script language="javascript">
var regExp = /^10\.0\.\d{1,3}\.\d{1,3}$/
var ip = "10.0.0.100"
if( regExp.test( ip ) ) {
alert("You are not permitted to access this page");
location.href="http://www.example.com/";
}
</script>
</sidenote>
On your 2nd example the following line isn't parsed at a server-side and so it gets treated as a comment, meaning that the block code is always run.
<!--#if expr="${REMOTE_ADDR} = /^24.55./" -->
The same problem would apply to your 1st example too, as the #echo directive isnt being parsed.
Really the problem with javascript is that it's very easy to turn it off - in turn this means that it's very easy to make it ineffective.
Also this post is related to your problem (I couldn't get the code to work though)
[webmasterworld.com...]
- Tony
The first code I posted actually *is* working...is it not picking up the IP and assigning it to the variable name "ip". And if it is, couldn't I pick up the IP as in the first script, then use
var regExp = /^65\ .\d{1,3}\ . 65\ . \d{1,3}$/
to see if the IP picked up fell in that range?
In other words, combine the two into this:
<script language="javascript">
var ip = '<!--#echo var="REMOTE_ADDR"-->'
var regExp = /^65\ .\d{1,3}\ . 65\ . \d{1,3}$/
if( regExp.test( ip ) ) {
alert("You are not permitted to access this page");
location.href="http://www.example.com/";
}
</script>
Does that make any sense? (will test later, but can't now...)
Mary
