Welcome to WebmasterWorld Guest from 54.221.9.209

Forum Moderators: phranque

Message Too Old, No Replies

Blocking certain IP address(es)

How does one accomplish this in a reasonable way?

     
4:17 pm on Jul 29, 2010 (gmt 0)

New User

5+ Year Member

joined:Sept 14, 2009
posts: 35
votes: 0


Is there a reasonably simple solution to blocking certain IP's and/or places from accessing a particular website? What if the place I want to block has rotating IP addresses, such that it might be impossible to block all the possible IP's?

Any comment or direction to a treatment of this would be appreciated.
4:33 am on Aug 2, 2010 (gmt 0)

Senior Member from KZ 

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 10, 2005
posts: 2886
votes: 1


Hi Kenny,

There are roughly three levels to block a visitor from a certain IP address to get access to your website. The first level is in a firewall outside, or at the outer layer of your server. The second level is in the web server software (Apache, IIS, Nginx) and the third level is in the website application scripts (PHP, ASP, Perl, etc)

Blocking at the firewall level is the fastest, and has the less performance impact on the server but it is the most difficult to maintain. Blocking at the scripting level is the most versatile but uses the most CPU processing power and probably requires the most programming effort from your side.

Which option is the best for you depends on the server software you use, the scripting language and the knowledge you have in configuring them. Also how fast the IP address changes may influence your decision. If it is a fixed group of IP addresses from a data center used by a scraper, just blocking those addresses in the firewall is the most efficient way. But if you want to block a manual forum abuser who uses a number of different proxies to try to spam your forum, a solution in your forum scripting software might be a better way to go. Some forum software distributions have a built-in option to block certain IP addresses or address ranges.
5:20 am on Aug 2, 2010 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:6148
votes: 282


All above, but don't neglect the possibility of blocking by UA, Referer (sp correctly) or, possibly, by URI depending on how your site is being accessed. Sounds like you want to block a site rather than a visitor, or perhaps a scaper after your goodies. Look for common strings in your logs, run comparison searches in those logs to determine collateral damage (if any) then implement. A "set it and forget it (which you NEVER want to forget) is killing a CDIR range of IPs... less typing, more efficient, but is a shotgun approach.