1

I would like to know if allowing access to a membership area would be more efficient by htaccess allow or a PHP array of ips to check against every page. I am mainly interested in performance.

Are either of these methods recommended when your dealing with hundreds or even thousands of ips?

Is there a better way?

Update:

What if i sniffed for IP and then depending on if the IP is recognized I start a membership or none membership session so as to not have to check ip every pageview?

chris
  • 2,913
  • 4
  • 43
  • 48

3 Answers3

3

It's probably quicker to use htaccess since you won't need to run the php handler to run your php script. There's a similar answer that I gave for blocking IP addresses which utilizes the RewriteMap. You'd just need something the other way around, instead of denying access from those IPs, grant access:

RewriteMap allow_ips txt:/path/to/allow_ips.txt

RewriteCond ${allow_ips:%{REMOTE_ADDR}|0} =1
RewriteRule ^protected/path - [L]

RewriteRule ^protected/path - [L,F]

The contents of the allow_ips .txt file would be:

12.34.56.78 1
11.22.33.44 1
etc.

The RewriteMap directed must be in either the server or vhost config. You can define a map from htaccess, though you can use it there.

If you can't use maps, then you'll need to enumerate all the IPs with an Allow. In the htaccess file in the directory you want to protect:

Order Allow,Deny
Deny from all
Allow from 12.34.56.78
Allow from 11.22.33.44
...

Is there a better way?

The best way is probably to implement a user/password via htpasswd. Here's a tutorial. Then you can put the Auth* stuff in an htaccess file in the directory you want to protect and that's that. Simple.

Community
  • 1
  • 1
Jon Lin
  • 142,182
  • 29
  • 220
  • 220
  • This is interesting. Could there be any performance advantage/distadvantage with the rewitemap over the way tapas pal describes below? Or maybe its just more oragnized. – chris Apr 06 '13 at 14:20
  • Unfortunelty i dont have access to the server/vhost config so i may not be able to use this method. – chris Apr 06 '13 at 14:31
0

you can use .htaccess

<Files 403.shtml>
   order deny,allow
   deny from all
</Files>

allow from 142.4.98.37
allow from 193.105.210.217
allow from 142.4.98.35

//Allow those ip which you want
Tapas Pal
  • 7,073
  • 8
  • 39
  • 86
  • I currently do it this way. Was wonderinh the pros and cons of this way vs the PHP way of checking for IP every page view – chris Apr 06 '13 at 14:04
0

If you're dealing with more than a hundred of I.P. addresses, specially a dynamic I.P., of course the best way to allowing the access, is via PHP script, such like this! Remember that this code is just an example and not completely reviewed:

while($row = mysqli_fetch_array($result)) {
    if ($_SERVER['SERVER_ADDR'] != $row['ip']) {
        header('HTTP/1.0 403 Forbidden');
        break;
    }
}

Viewers can do the rest to fix the syntax above, that's why it's in community wiki.

About the Advantages

For me, there are many advantages in a server-side scripting language. Such you can even program the application to automatically block the I.P. addresses of the users that are spamming, and you can even program how long will they be blocked.

5ervant - techintel.github.io
  • 4,381
  • 7
  • 39
  • 68