How to block IP address in a guestbook?

[pcchong]

I use a free database-driven ASP guestbook. I want to add a IP address
blocking filter to it( just to block one particular guest). What is the
easiest way to do so? Thanks.

pcchong

 

[PW]

I use a free database-driven ASP guestbook. I want to add a IP address
blocking filter to it( just to block one particular guest). What is the
easiest way to do so? Thanks.

Put this at the beginning of the first ASP (change "111.222.333" to your
enemys IP address) ...

<%
if Request.ServerVariables("REMOTE_ADDR") = "111.222.333" then
Response.End
end if
%>

 

[Roland Hall]

in message : I use a free database-driven ASP guestbook. I want to add a IP address
: blocking filter to it( just to block one particular guest). What is the
: easiest way to do so? Thanks.

I don't know where you're coming from [IP address] so you would have to
modify this but directions are included. I'm redirecting everyone as an
example. Modify the appropriate lines and then put this at the top of your
page where you want to block someone. However, if their IP is dynamic, then
you'd need to modify it to block IP ranges.

<%@ Language=VBScript %>
<%
Option Explicit
Response.Buffer = True
dim outtahair, visitor, strURL
strURL = "http://www.fbi.gov/mostwant.htm" ' modify this line for target
redirect host
outtahair = Request.ServerVariables("REMOTE_HOST")
' Delete the line above and uncomment the one below replacing x.x.x.x with
IP to redirect
' outtahair = "x.x.x.x"
visitor = Request.ServerVariables("REMOTE_HOST")
if visitor = outtahair then
Response.Clear()
Response.Redirect(strURL)
end if
%>

http://kiddanger.com/lab/remotehostredirect.asp

HTH...

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Technet Script Center - http://www.microsoft.com/technet/scriptcenter/
WSH 5.6 Documentation - http://msdn.microsoft.com/downloads/list/webdev.asp
MSDN Library - http://msdn.microsoft.com/library/default.asp

 

[Jeff Cochran]

Put this at the beginning of the first ASP (change "111.222.333" to your
enemys IP address) ...

<%
if Request.ServerVariables("REMOTE_ADDR") = "111.222.333" then
Response.End
end if
%>

Better would be to check the address and if it's not allowed, simply
not update the guestbook. Let them go through the process, thank them
for their entry, just don't record it.

Jeff

 

[pcchong]

Thanks. It works for specific IP, but what if it is a IP range, say
210.187.176.# to 210.187.176.### . How do I change the line? Thanks.


pcchong

 

[Bob Barrows [MVP]]

Use Instr(), or a Regular Expression.

Instr():

dim sIP
sIP = Request.ServerVariables("REMOTE_ADDR")

if Instr(sIP, "111.222.333") > 0 then

For more complicated patterns, you should use a Regular Expression.

Bob Barrows

 

[pcchong]

Thanks. This is a better way.


pcchong

Use Instr(), or a Regular Expression.

Instr():

dim sIP
sIP = Request.ServerVariables("REMOTE_ADDR")

if Instr(sIP, "111.222.333") > 0 then

For more complicated patterns, you should use a Regular Expression.

Bob Barrows


--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.

 

[pcchong]

My joy is shortlived. This guest still managed to enter with the same IP
(within the IP range that the IP blocking filter set). How can he get
through? Thanks.

pcchong

 

[Jeff Cochran]

My joy is shortlived. This guest still managed to enter with the same IP
(within the IP range that the IP blocking filter set). How can he get
through? Thanks.

Good question. But what did you do with Bob's code? Are you sure
you're blocking that IP and not just checking to see what it is?

Jeff

 

[pcchong]

I place this in the beginning of the first asp:

<%
dim sIP
sIP = Request.ServerVariables("REMOTE_ADDR")
if Instr(sIP, "###.###.###") > 0 then
Response.End
end if
%>

Anything wrong? Please advise. Thanks.

pcchong

 

[Bob Barrows [MVP]]

Are you sure the offender has an ip that should be blocked by this
statement? How are you verifying this?

Are you sure Request.ServerVariables("REMOTE_ADDR") contains that ip
address? How are you verifying this?

Bob Barrows

 

[pcchong]

I can see his IP from the guestbook. I tested this filter using my IP
address and it worked, that is why I am so puzzled. I would appreciate it if
you could suggest how I can verify the IP. Many thanks again.

pcchong

 

[PW]

I can see his IP from the guestbook. I tested this filter using my IP
address and it worked, that is why I am so puzzled. I would appreciate it if
you could suggest how I can verify the IP. Many thanks again.

Perhaps you enemy is bypassing the initial (menu?) ASP and going straight to
the guestbook ASP. Move the new code from your initial (menu) ASP over to
the page where you insert the guestbook information into your database.
That way, you enemy will be able to type in a post, but it won't get written
to your database, and therefore no one will ever see it.

HTH,
PW

 

[Evertjan.]

PW wrote on 23 mei 2004 in microsoft.public.inetserver.asp.general:

Perhaps you enemy is bypassing the initial (menu?) ASP and going
straight to the guestbook ASP. Move the new code from your initial
(menu) ASP over to the page where you insert the guestbook information
into your database. That way, you enemy will be able to type in a
post, but it won't get written to your database, and therefore no one
will ever see it.

why not block both pages?

 

[pcchong]

Yes, you are right. Instead of just put the filter in the index(first) file,
I should put it also in the other input files. Problem solved. Many many
thanks to everyone.

pcchong