zimbabwe — Mon, 24 Dec 2001 16:12:36 +0000

Will -

Yes, I was using javascript. This is not blocking confidential information or anything like that. I work for an ISP and we are implimenting a speed test for our customers. We don't want everyone in the world to be using up our bandwidth for this which is why I needed to block all except for a certain range of IPs.

We are running NT / 2000 servers for our web services.

Thanks,

Zimbabwe

Mark Hensler — Sun, 23 Dec 2001 21:28:29 +0000

You can also use server-side languages to perform additional logic. You can use Apache's environmental variables to access the remote IP: REMOTE_ADDR, REMOTE_HOST

Wil — Sun, 23 Dec 2001 12:19:16 +0000

What do you mean, found out how to do it with Netscape? You mean you were using a client-side method, like Javascript? Well if so, a persistent hacker could very easily get passed your method.

Why not take advantage of server side controll files, typically named .htaccess files on *ix machines. This is a far more secure method, and makes sure that whatever browser they use the authentication happens on server level.

Be very careful with banning IP addresses, though. Make sure you research the IP address and check that it's not a proxy or a gateway IP. And make sure that the machine is not using any sort of IP rewritting. If you ban one of these IPs then that potentially blocks everyone that comes through the same IP, be it a corporate site or even an ISP (although I doubt the last one).

A simple .htaccess file might look like this:

<Directory /path/to/dir>
deny from 205.252.46.165
</Directory>

mmi — Sat, 22 Dec 2001 21:39:32 +0000

hey Zimbabwe - I'm not much help with security, but these threads might help ya some: one - two