Restrict IP access to a Perl application

barramundi9

Dear all:

I am a newbie to Perl and have an application written in Perl. I put
IPs that are "allowed" to access the application into a file called
"ip.allow".

I then tried to compare the $ENV{REMOTE_ADDRESS} to the IPs in
"ip.allow" to determine the access right which looks like the
following:

10.0.0.1
10.0.0.2
10.0.0.3

And the code is:

$address=$ENV{'REMOTE_ADDR'};

open(FILE,"/path/to/ip.allow") or die ("Cannot open file!");
flock(FILE,2);
while ($line=<FILE>) {
$line=~s/\./\\\./g;
if ($line =~ /$address/) {
print "IP matched!!\n";
last;
}
}
flock(FILE,8);
close(FILE);

But it doesn't seem to work because when I take out 10.0.0.1 from the
ip.allow file, 10.0.0.1 can still access the application.

Any suggestions are appreciated, thanks.

barramundi9
 
John W. Krahn

barramundi9 said:
I am a newbie to Perl and have an application written in Perl. I put
IPs that are "allowed" to access the application into a file called
"ip.allow".

I then tried to compare the $ENV{REMOTE_ADDRESS} to the IPs in
"ip.allow" to determine the access right which looks like the
following:

10.0.0.1
10.0.0.2
10.0.0.3

And the code is:

Don't forget:

use warnings;
use strict;

$address=$ENV{'REMOTE_ADDR'};

open(FILE,"/path/to/ip.allow") or die ("Cannot open file!");
flock(FILE,2);
while ($line=<FILE>) {
$line=~s/\./\\\./g;
if ($line =~ /$address/) {
print "IP matched!!\n";
last;
}
}
flock(FILE,8);
close(FILE);

But it doesn't seem to work because when I take out 10.0.0.1 from the
ip.allow file, 10.0.0.1 can still access the application.

Any suggestions are appreciated, thanks.

You probably don't want to use a regular expression. This should work
better:

while ( my $line = <FILE> ) {
chomp $line;
if ( $line eq $address ) {
print "IP matched!!\n";
last;
}
}



John
 
Martijn Lievaart

Dear all:

I am a newbie to Perl and have an application written in Perl. I put
IPs that are "allowed" to access the application into a file called
"ip.allow".

I then tried to compare the $ENV{REMOTE_ADDRESS} to the IPs in
"ip.allow" to determine the access right which looks like the following:

10.0.0.1
10.0.0.2
10.0.0.3

And the code is:

$address=$ENV{'REMOTE_ADDR'};

open(FILE,"/path/to/ip.allow") or die ("Cannot open file!");
flock(FILE,2);
while ($line=<FILE>) {
$line=~s/\./\\\./g;
if ($line =~ /$address/) {
print "IP matched!!\n";
last;
}
}
flock(FILE,8);
close(FILE);

But it doesn't seem to work because when I take out 10.0.0.1 from the
ip.allow file, 10.0.0.1 can still access the application.

1) You don't chomp the input line, so it still contains a \n
2) You can just compare strings, no need for the regexp
3) You forgot to anchor your regexp (/^$address$/), but see 2)

HTH,
M4
 
Dave Weaver

barramundi9 said:
open(FILE,"/path/to/ip.allow") or die ("Cannot open file!");
flock(FILE,2);
while ($line=<FILE>) {
$line=~s/\./\\\./g;

You replace '.' with '\.' in $line...
if ($line =~ /$address/) {

...so now you're matching: "10\\.0\\.0\\.1\n" =~ /10.0.0.1/
which obviously fails since there are no backslashes in $address.

I suspect you meant this to be:
if ( $address =~ /$line/ ) {
which would still fail since there is no "\n" in $address.

In which case you could use chomp and also get rid of the s///
and use \Q in your match:
chomp $line;
if ( $address =~ /\Q$line/ ) {

or, better yet, use chomp() and eq
chomp $line;
if ( $line eq $address ) {
 
barramundi9

barramundi9 wrote on VCCLXV September MCMXCIII:
)) Dear all:
))
)) I am a newbie to Perl and have an application written in Perl. I put
)) IPs that are "allowed" to access the application into a file called
)) "ip.allow".
))
)) I then tried to compare the $ENV{REMOTE_ADDRESS} to the IPs in
)) "ip.allow" to determine the access right which looks like the
)) following:
))
)) 10.0.0.1
)) 10.0.0.2
)) 10.0.0.3
))
)) And the code is:
))
)) $address=$ENV{'REMOTE_ADDR'};
))
)) open(FILE,"/path/to/ip.allow") or die ("Cannot open file!");
)) flock(FILE,2);
)) while ($line=<FILE>) {
)) $line=~s/\./\\\./g;
)) if ($line =~ /$address/) {
)) print "IP matched!!\n";
)) last;
)) }
)) }
)) flock(FILE,8);
)) close(FILE);
))
)) But it doesn't seem to work because when I take out 10.0.0.1 from the
)) ip.allow file, 10.0.0.1 can still access the application.

That seems odd. In fact, I find it odd that, assuming $ENV {REMOTE_ADDR}
actually contains an IP address, anything matches at all. Say, for instance
$ENV {REMOTE_ADDR} contains "10.0.0.1", and ip.allow contains the three
addresses listed above. Then you do the following tests:

"10\\.0\\.0\\.1\n" =~ /10.0.0.1/
"10\\.0\\.0\\.2\n" =~ /10.0.0.1/
"10\\.0\\.0\\.3\n" =~ /10.0.0.1/

There's no way this is going to match.

*Unless* $ENV {REMOTE_ADDR} is empty, then you'd be comparing the addresses
in ip.allow to //, which will always match.

)) Any suggestions are appreciated, thanks.

Why are you rolling your own security? This is a task that should be done
by the webserver.

Abigail

Thanks for all your replies.

John, you are right, it can be done without regex.

Thanks again.

barramundi9
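
Pulling the replies together (chomp plus exact string comparison instead of a regex, and denying when REMOTE_ADDR is empty instead of letting // match everything), as an added example that is not code from any poster in the thread. The sub names load_allowed and is_allowed, the in-memory sample list and the handling of "#" comment lines are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Load the allow-list into a hash, one address per line. Blank lines and
# "#" comments are skipped (comment support is an assumption, not in the thread).
sub load_allowed {
    my ($fh) = @_;
    my %allowed;
    while ( my $line = <$fh> ) {
        chomp $line;                    # drop the trailing "\n"
        $line =~ s/^\s+|\s+$//g;        # tolerate stray whitespace or "\r"
        next if $line eq '' or $line =~ /^#/;
        $allowed{$line} = 1;
    }
    return \%allowed;
}

# Exact match via hash lookup. An undefined or empty address is denied,
# so a missing REMOTE_ADDR can never match every entry the way // does.
sub is_allowed {
    my ( $allowed, $address ) = @_;
    return 0 unless defined $address && length $address;
    return exists $allowed->{$address} ? 1 : 0;
}

# Constructed sample data standing in for /path/to/ip.allow
# (10.0.0.1 has been taken out, as in the original question).
my $sample = "# constructed allow-list\n10.0.0.2\n10.0.0.3\n";
open( my $fh, '<', \$sample ) or die "Cannot open allow-list: $!";
my $allowed = load_allowed($fh);
close $fh;

# Constructed addresses: a listed one, the removed one, one that merely
# contains a listed address as a substring, and the empty/undefined cases.
# In the CGI script this would be is_allowed( $allowed, $ENV{'REMOTE_ADDR'} ).
for my $addr ( '10.0.0.2', '10.0.0.1', '110.0.0.20', '', undef ) {
    my $shown = defined $addr ? "'$addr'" : 'undef';
    printf "%-14s %s\n", $shown,
        is_allowed( $allowed, $addr ) ? 'allow' : 'deny';
}
```

The '110.0.0.20' case is the one an unanchored regex match would let through, since it contains 10.0.0.2 as a substring.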
 
