Limits placed on IP addresses
A PHP script can access the IP address from which a request was sent by inspecting the server variable $REMOTE_ADDR (on current PHP installations, where register_globals is not available, read it as $_SERVER["REMOTE_ADDR"]). The remote address can be used to restrict access. A simple example allows access only from a specific IP address, which can be used to implement administration scripts that are reachable only from a specific computer. A variation, shown in Example 9-5, is to allow access to users on a particular network subnet. Example 9-5 limits access to the main content of the script to requests sent from clients with a range of IP addresses that begin with 141.190.17.
Example 9-5. PHP script that forbids access from browsers outside an IP subnet
<?php
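// Compare against "141.190.17." including the trailing dot (11 characters),
// so that 141.190.170.x through 141.190.179.x are not admitted as well.
if(strncmp("141.190.17.", $_SERVER["REMOTE_ADDR"], 11) != 0)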
{
header("HTTP/1.0 403 Forbidden");
?>
<!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head><title>Marketing Department</title></head>
<body>
<h2>403 Forbidden</h2>
<p>You cannot access this page from outside
the Marketing Department.
</body>
</html>
<?php
exit;
}
?>
<!DOCTYPE HTML PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd" >
<html>
<head><title>Marketing Department</title></head>
<body>
<h2>Marketing secrets!</h2>
<p>Need new development team - the old one
says <em>No</em> far too often.
</body>
</html>
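A string-prefix test on an address is sensitive to the trailing dot: the 10-character prefix "141.190.17" also matches 141.190.170.x through 141.190.179.x. The following added example, which is not part of the original text, compares such a prefix test with a bit-mask check of the 141.190.17.0/24 subnet; the helper name ip_in_subnet() and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example (not from the original text). ip_in_subnet() is a
// hypothetical helper; the sample addresses are constructed.

// True when $ip lies inside $cidr, e.g. "141.190.17.0/24". Handles IPv4
// and IPv6; malformed input is treated as outside the subnet.
function ip_in_subnet(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[1])) {
        return false;
    }
    $addr = @inet_pton($ip);
    $net  = @inet_pton($parts[0]);
    $bits = (int) $parts[1];
    // Reject unparsable addresses, mixed address families, oversize prefixes.
    if ($addr === false || $net === false
        || strlen($addr) !== strlen($net) || $bits > strlen($net) * 8) {
        return false;
    }
    // Compare the whole bytes covered by the prefix ...
    $bytes = intdiv($bits, 8);
    if (substr($addr, 0, $bytes) !== substr($net, 0, $bytes)) {
        return false;
    }
    // ... then the leftover high bits of the next byte, if any.
    $rest = $bits % 8;
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF;
    return (ord($addr[$bytes]) & $mask) === (ord($net[$bytes]) & $mask);
}

// Constructed sample addresses: inside, look-alike, neighbour, garbage.
$samples = ['141.190.17.42', '141.190.170.5', '141.190.18.1', 'not-an-ip'];
foreach ($samples as $ip) {
    $prefix10 = strncmp('141.190.17', $ip, 10) === 0;   // no trailing dot
    $masked   = ip_in_subnet($ip, '141.190.17.0/24');
    printf("%-14s prefix=%-5s cidr=%s\n", $ip,
        $prefix10 ? 'allow' : 'deny', $masked ? 'allow' : 'deny');
}
```

Only 141.190.170.5 is treated differently by the two checks: the 10-character prefix test allows it, the mask test denies it. When the script runs behind a reverse proxy or load balancer, the remote address seen by PHP is that of the proxy, so the check has to be applied where the client connection actually terminates.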
Another limit that can be applied using the IP address is to help prevent session hijacking, a problem discussed later in this chapter.