Question
<?php if($_SERVER['REMOTE_ADDR'] != 'xx.xx.xx.xx') {
header("Location: http://google.com");
} ?>
Is this a good way to block certain IP addresses from accessing some folders on my Windows server?
Or can it be intercepted with proxy software like WebScarab, and the originating IP address modified to bypass this?
Answer 1:
It can be bypassed with any proxy which has a different IP address to the one you are blocking. You could check X-Forwarded-For (dig it out with apache_request_headers() if you are using Apache), but this is much easier to spoof if you give it precedence over $_SERVER['REMOTE_ADDR'].
Also, I could ignore your Location header. Put an exit after it as well.
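The two points from this answer, as an added example (not code from the question or from either answer): X-Forwarded-For is consulted only when REMOTE_ADDR is a reverse proxy you operate, and a failed check ends the request instead of only sending a Location header. The addresses, the constants and the function names client_ip and is_allowed are assumptions made for illustration.

```php
<?php
// Assumed placeholder addresses (RFC 5737 documentation ranges); use your own.
const TRUSTED_PROXIES = ['192.0.2.10'];   // reverse proxies you operate
const ALLOWED_CLIENTS = ['203.0.113.7'];  // clients allowed to see the page

// Address to base the decision on. X-Forwarded-For is client-supplied, so it is
// read only when the TCP peer (REMOTE_ADDR) is one of our own proxies.
function client_ip(array $server, array $trustedProxies): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trustedProxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }
    // Walk right to left: the rightmost entries were appended by our proxies,
    // anything further left may have been typed in by the client.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
    foreach ($hops as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return $peer;   // malformed header: fall back to the TCP peer
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;    // first hop that is not one of our proxies
        }
    }
    return $peer;
}

function is_allowed(array $server): bool
{
    return in_array(client_ip($server, TRUSTED_PROXIES), ALLOWED_CLIENTS, true);
}

if (PHP_SAPI === 'cli') {
    // Constructed requests: header forged on a direct connection, a genuine
    // proxied request, and a forged entry that our proxy appended to.
    $forgedDirect = ['REMOTE_ADDR' => '198.51.100.23', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'];
    $proxied      = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7'];
    $forgedProxy  = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 198.51.100.23'];
    var_dump(is_allowed($forgedDirect), is_allowed($proxied), is_allowed($forgedProxy));
} elseif (!is_allowed($_SERVER)) {
    // Refuse and stop, so nothing after the check is sent to the client.
    http_response_code(403);
    exit;
}
```

The addresses are compared as plain strings, so list each one in the same textual form the server reports it.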
Answer 2:
If you only want to block by IP, you can use .htaccess for that - it's easier to set a rule for a set of directories instead of creating a lot of PHP files. But it's not a good method for filtering users. Create a simple registration form, or use an API from Twitter, Facebook or another.
Source: https://stackoverflow.com/questions/6172601/blacklisting-ip-address