Allow Certain IP's To Access (or View) AdminCP


Bison
11-23-2004, 01:45 AM
Can someone tell me how to stop anyone from viewing the admincp if they don't have an IP in the list? I know I can use a htaccess to stop anyone from accessing it, but is there a way that I can enter an IP address (if the admin user uses a static IP) that is only allowed to see the admincp?

cycopia
11-24-2004, 09:46 PM
At the beginning of your index.php file in your admincp folder, add the following:

if(!preg_match("/^(68\.142\.18\.|68\.143\.19\.)/",$_SERVER['REMOTE_ADDR'])){
    header("HTTP/1.0 403 Forbidden",1);
    echo "<h2>403 Forbidden</h2>";
    exit();
}

The above code only allows IP addresses that begin with 68.142.18. or 68.143.19. Multiple IPs are separated by a | (pipe, above a back-slash on keyboard). You will notice that all periods are back-slash escaped (coding standard for regular expressions). Also be sure to not forget that last period after the 3rd number.

if(!preg_match("/^68\.142\.1\.143/",$_SERVER['REMOTE_ADDR'])){
    header("HTTP/1.0 403 Forbidden",1);
    echo "<h2>403 Forbidden</h2>";
    exit();
}

The above code allows only the IP 68.142.1.143.

Here is an example of the WRONG way:

if(!preg_match("/^68\.142\.1/",$_SERVER['REMOTE_ADDR'])){
    header("HTTP/1.0 403 Forbidden",1);
    echo "<h2>403 Forbidden</h2>";
    exit();
}

This code is missing a vital period after the 3rd number! We will allow any IP matching the pattern of 68.142.1*. That means 68.142.1.*, 68.142.10.*, 68.142.11.*, 68.142.12.*, 68.142.100.*, and so on all pass our "test." Don't forget the last period, because you can go from letting in a few IPs to thousands by mistake.
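
An added example, not part of the post above or of the forum software: the same allowlist checked by exact address or CIDR block instead of a prefix regex, so a dropped period cannot widen the range. The helper name ip_allowed() and the sample test addresses are assumptions made for this illustration.

```php
<?php
// Added example, not from the thread: allowlist by exact address or CIDR block
// instead of a prefix regex. ip_allowed() is a hypothetical helper name.
function ip_allowed(string $ip, array $allowlist): bool
{
    $addr = @inet_pton($ip);
    if ($addr === false) {
        return false;                      // unparsable client address
    }
    foreach ($allowlist as $entry) {
        $parts = explode('/', $entry, 2);
        $net = @inet_pton($parts[0]);
        // Skip bad entries and IPv4/IPv6 family mismatches.
        if ($net === false || strlen($net) !== strlen($addr)) {
            continue;
        }
        $bits = strlen($net) * 8;          // no "/len" means one exact address
        if (isset($parts[1])) {
            // A malformed length must fail closed, not be read as /0.
            if (!ctype_digit($parts[1]) || (int) $parts[1] > $bits) {
                continue;
            }
            $bits = (int) $parts[1];
        }
        // Compare the whole bytes, then the leftover high bits of the next byte.
        $bytes = intdiv($bits, 8);
        if (substr($addr, 0, $bytes) !== substr($net, 0, $bytes)) {
            continue;
        }
        $rem = $bits % 8;
        $mask = (0xFF << (8 - $rem)) & 0xFF;
        if ($rem === 0 || (ord($addr[$bytes]) & $mask) === (ord($net[$bytes]) & $mask)) {
            return true;
        }
    }
    return false;
}

// The ranges from the post above: two /24 blocks and one single address.
$allow = ['68.142.18.0/24', '68.143.19.0/24', '68.142.1.143'];

if (PHP_SAPI === 'cli') {
    // Constructed sample addresses, for running this file from the command line.
    foreach (['68.142.18.7', '68.142.1.143', '68.142.10.5', '68.142.181.9'] as $ip) {
        printf("%-13s %s\n", $ip, ip_allowed($ip, $allow) ? 'allow' : 'deny');
    }
} elseif (!ip_allowed($_SERVER['REMOTE_ADDR'] ?? '', $allow)) {
    header('HTTP/1.0 403 Forbidden', true, 403);
    exit('<h2>403 Forbidden</h2>');
}
```

The check only guards the scripts that actually load it, so it has to be pulled in with require at the top of each script it should protect.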

Andreas
11-24-2004, 10:09 PM
Do you use Apache?
Then I'd suggest using .htaccess

<Limit GET POST>
order deny,allow
deny from all
allow from 199.166.210.12
</Limit>

This will only allow access from IP 199.166.210.12.
If you want to allow several IPs, repeat the allow-line.

Isn't that what you want?

cycopia
11-24-2004, 10:32 PM
What I posted was a software mod in PHP... the apache version is more desirable and works just as well.

If your ISP doesn't allow .htaccess, do the PHP version.

Andreas
11-24-2004, 10:47 PM
> What I posted was a software mod in PHP... the apache version is more desirable and works just as well.
>
> If your ISP doesn't allow .htaccess, do the PHP version.

Hmm ... your code protects only index.php.
All other scripts would still be accessible?

Bison
11-27-2004, 01:38 AM
> What I posted was a software mod in PHP... the apache version is more desirable and works just as well.
>
> If your ISP doesn't allow .htaccess, do the PHP version.

This works wonders for my Windows servers ... thanks!

I did use htaccess to protect my admin cp, but one day I forgot my password and I had to go into my cpanel to re-create the htaccess. Also, at times where I need quick access, and don't want to enter a password, this fix does it. :ermm: