Varun Jain

Reputation: 1911

Blocking an IP address for a certain time

How do I block a user's IP address for a stipulated time limit if the user fails to validate multiple times (15~20)? This is to be implemented for protection against brute force attacks.

I have to implement this in Yii. I tried implementing it using the PHP header function in a controller, but it did not work out. Also, what about setting a time limit: how can I set a time limit on the block?

Upvotes: 1

Views: 2389

Answers (4)

Satish

Reputation: 17437

You should try:

http://denyhosts.sourceforge.net/

Upvotes: 0

Boaz Rymland

Reputation: 1467

As suggested in a comment, I would have used Yii's 'onBeginRequest' event to initiate this check and block the caller if needed, like this (just an example):

'onBeginRequest' => array('YourClass', 'staticMethod'),

This can be achieved by editing the main.php master config file to call a static method in a class, to do the check and block the request if needed. This is how I do it in a Yii-based project that I'm working on, to achieve some monitoring requirements that I have. When this method is called, you have all of Yii's internal components at your belt to work with.

If you need to know the IP address of the sender, I recommend using something more robust than $_SERVER['REMOTE_ADDR'], like using getRemoteIpAddress() from the PcMaxmindGeoIp extension.

Upvotes: 1

WatsMyName

Reputation: 4478

I don't know Yii, I'm just giving basic logic. Save the IP address of each visitor in the database, with the number of times they have accessed the site. If this IP address has accessed more than 20 times, then redirect to some error page. Example:

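$ipaddress = $_SERVER['REMOTE_ADDR'];

// $pdo is assumed to be an existing PDO connection; "table" is a placeholder table name
$stmt = $pdo->prepare("SELECT number_of_tries FROM `table` WHERE ip_address = ?");
$stmt->execute(array($ipaddress));
// number of tries stored for this IP; 0 when the IP has no row yet
$number_of_tries = (int) $stmt->fetchColumn();
if ($number_of_tries > 20) {
    // send the visitor to the error page and stop processing the request
    header("Location: forbidden.php");
    exit;
}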

You can also save the datetime along with the IP address, and in the above query compare the current date with the one from the database and then redirect.

Hope this helps

Upvotes: 1

Fluffeh

Reputation: 33512

Preface: I don't know the Yii framework, so happy to delete the answer if this is the wrong tree.

Why not just store the offending IPs in a database table (along with an 'expire' time which says the IP cannot log in until that time has passed) which is checked on the login? On a successful login, you can delete the offending IP address.

Upvotes: 0
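
The approach the last two answers describe (a per-IP failure count plus an expiry time, cleared on successful login), as an added example that is not part of any answer on this page. The table name, thresholds and function names are assumptions, and it uses PDO with an in-memory SQLite database (the pdo_sqlite extension) so it runs stand-alone.

```php
<?php
// Added example: temporary lockout keyed by client IP, using PDO.
// Table name, thresholds and function names are assumptions for illustration.
const MAX_FAILURES = 15;   // failures allowed inside the window
const WINDOW_SECS  = 900;  // failures older than this no longer count
const BLOCK_SECS   = 1800; // length of the block once the limit is hit

function initStore(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS login_throttle (
        ip TEXT PRIMARY KEY, failures INTEGER NOT NULL,
        first_failure INTEGER NOT NULL, blocked_until INTEGER NOT NULL)');
}

// Seconds the IP must still wait; 0 means it is not blocked.
function secondsBlocked(PDO $db, string $ip, int $now): int {
    $st = $db->prepare('SELECT blocked_until FROM login_throttle WHERE ip = ?');
    $st->execute([$ip]);
    return max(0, (int) $st->fetchColumn() - $now);
}

function recordFailure(PDO $db, string $ip, int $now): void {
    $st = $db->prepare('SELECT failures, first_failure FROM login_throttle WHERE ip = ?');
    $st->execute([$ip]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    // Start a fresh window if there is no row or the old window has lapsed.
    if (!$row || $now - (int) $row['first_failure'] > WINDOW_SECS) {
        $row = ['failures' => 0, 'first_failure' => $now];
    }
    $failures = (int) $row['failures'] + 1;
    $blockedUntil = $failures >= MAX_FAILURES ? $now + BLOCK_SECS : 0;
    $db->prepare('REPLACE INTO login_throttle VALUES (?, ?, ?, ?)')
       ->execute([$ip, $failures, (int) $row['first_failure'], $blockedUntil]);
}

function recordSuccess(PDO $db, string $ip): void {
    $db->prepare('DELETE FROM login_throttle WHERE ip = ?')->execute([$ip]);
}

// Constructed demo on an in-memory SQLite database with a documentation-range IP.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
initStore($db);
$ip = '203.0.113.7';
$t  = 1700000000; // fixed clock so the run is repeatable
for ($i = 0; $i < MAX_FAILURES; $i++) {
    recordFailure($db, $ip, $t + $i);
}
printf("blocked for %d s\n", secondsBlocked($db, $ip, $t + 20));
printf("after expiry: %d s\n", secondsBlocked($db, $ip, $t + 14 + BLOCK_SECS));
```

In a request handler, call `secondsBlocked()` before verifying credentials and refuse the attempt while it returns a non-zero value. The read-then-write in `recordFailure()` is not atomic, so wrap it in a transaction on a shared database.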
