restrict access by matching a static ip address

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
ishakya
Forum Commoner
Posts: 40
Joined: Tue Jan 04, 2011 4:58 am

restrict access by matching a static ip address

Post by ishakya »

Hi all,
our team have developed a web application to a particular company.that company is accessing the web application.That company maintain a static ip to log in.They have multiple computers in side that static ip address.Users can login to the system using their user name & passwords at any time & from any where.
So company management wants to allow their users to log to the system when they comes from their company static ip address. It means they cannot access to the system from outside of the company.So can i get the company static ip address from the login page????.
This what i have been thinking.....
Store the static ip address in the users table and match the ip address with the ip address got from the login page...

So to that i need to get ip address from login page.
any idea would be great.

Thanks in advance.......
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: restrict access by matching a static ip address

Post by social_experiment »

$_SERVER['REMOTE_ADDR'] ?

Do they want some sort of 'remember me' option with this? I don't quite understand what they have in mind
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: restrict access by matching a static ip address

Post by VladSun »

.htaccess
[text]order deny,allow
deny from all
allow from 11.22.33.44[/text]
There are 10 types of people in this world, those who understand binary and those who don't
ishakya
Forum Commoner
Posts: 40
Joined: Tue Jan 04, 2011 4:58 am

Re: restrict access by matching a static ip address

Post by ishakya »

Thanks All,
social_experiment
social_experiment wrote:$_SERVER['REMOTE_ADDR'] ?

Do they want some sort of 'remember me' option with this? I don't quite understand what they have in mind
They want to restrict all the users,who are not coming from their company ip address.means users cannot access the system from different locations
yes,some sort of 'remember me' option.

VladSun
VladSun wrote:.htaccess
[text]order deny,allow
deny from all
allow from 11.22.33.44[/text]
Problem is,in my server there is another system running.Actually two systems & different users & different companies.
So i cannot allow access the server to only one ip address

Any help.......
thanks in advance.......
User avatar
social_experiment
DevNet Master
Posts: 2793
Joined: Sun Feb 15, 2009 11:08 am
Location: .za

Re: restrict access by matching a static ip address

Post by social_experiment »

For a "remember me" option you will need an additional check, something like a cookie.
“Don’t worry if it doesn’t work right. If everything did, you’d be out of a job.” - Mosher’s Law of Software Engineering
User avatar
pickle
Briney Mod
Posts: 6445
Joined: Mon Jan 19, 2004 6:11 pm
Location: 53.01N x 112.48W
Contact:

Re: restrict access by matching a static ip address

Post by pickle »

Just a note that IPs can be spoofed relatively easily, so this restriction should not be considered a valid security measure.
Real programmers don't comment their code. If it was hard to write, it should be hard to understand.
ishakya
Forum Commoner
Posts: 40
Joined: Tue Jan 04, 2011 4:58 am

Re: restrict access by matching a static ip address

Post by ishakya »

Thanks all,
pickle wrote:Just a note that IPs can be spoofed relatively easily, so this restriction should not be considered a valid security measure.
Yes i know pickle,
But the company people wont listen to this.....
social_experiment wrote:For a "remember me" option you will need an additional check, something like a cookie.


But can u tell me how can i get the ip address from the index page.......

Thanks in advance....
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: restrict access by matching a static ip address

Post by VladSun »

ishakya wrote:VladSun
VladSun wrote:.htaccess
[text]order deny,allow
deny from all
allow from 11.22.33.44[/text]
Problem is,in my server there is another system running.Actually two systems & different users & different companies.
So i cannot allow access the server to only one ip address

Any help.......
thanks in advance.......
http://httpd.apache.org/docs/1.3/mod/mod_access.html
Summary

The directives provided by mod_access are used in <Directory>, <Files>, and <Location> sections as well as .htaccess files to control access to particular parts of the server.
There are 10 types of people in this world, those who understand binary and those who don't
User avatar
Apollo
Forum Regular
Posts: 794
Joined: Wed Apr 30, 2008 2:34 am

Re: restrict access by matching a static ip address

Post by Apollo »

ishakya wrote: VladSun
VladSun wrote:.htaccess
[text]order deny,allow
deny from all
allow from 11.22.33.44[/text]
Problem is,in my server there is another system running.Actually two systems & different users & different companies.
So i cannot allow access the server to only one ip address
You can just insert this .htaccess rule in the subdirectory where the site for just that one company is located. It will protect that particular directory + any subdirectories inside it.

(in the unlikely case that you're hosting two different sites in the same subdir: fix that first :))
ishakya
Forum Commoner
Posts: 40
Joined: Tue Jan 04, 2011 4:58 am

Re: restrict access by matching a static ip address

Post by ishakya »

thanks all for your support...

But i didn't get much of that....
can u explain it more please.......

Because I'm new with php & related stuff


So any explanations will be an advantage...
thanks in advance.....
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: restrict access by matching a static ip address

Post by VladSun »

It's not PHP - it's Apache config.
Just create a .htaccess file in the root directory of the site you want to protect and write the lines I gave you above - change the IP, of course.
Also you have to be sure that .htaccess file rules are permitted by using http://httpd.apache.org/docs/1.3/mod/co ... owoverride
There are 10 types of people in this world, those who understand binary and those who don't
ishakya
Forum Commoner
Posts: 40
Joined: Tue Jan 04, 2011 4:58 am

Re: restrict access by matching a static ip address

Post by ishakya »

thanks vladsun,
but can u tell me how to create a .htaccess file????
thanks in advance
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: restrict access by matching a static ip address

Post by VladSun »

As usual?!? Nothing special about it.
There are 10 types of people in this world, those who understand binary and those who don't
User avatar
flying_circus
Forum Regular
Posts: 732
Joined: Wed Mar 05, 2008 10:23 pm
Location: Sunriver, OR

Re: restrict access by matching a static ip address

Post by flying_circus »

VladSun wrote:As usual?!? Nothing special about it.
I have found that windows wont let you save a file without a name. I have to create a.htaccess, upload the file, then rename it to .htaccess
Post Reply