Restricting Access to Site with CGI

You all know me, but I'd thought I better remain anonymous on this one.

I have a problem with one individual accessing my website and I would like to stop him based on his IP address.

Any ideas on how can improve what I've done:

I have set up a dummy index.htm file, which does little except call the following script using:

<META HTTP-EQUIV="refresh"
CONTENT="0;URL=cgi-bin/counter.cgi">

where counter.cgi is a perl script which returns garbage for my foe and the address of the main page for everyone else.

Ideally I would like to restrict every page without causing problems to any other user. Nor do I want to restrict search engine crawling.

Any suggestions?

I know there is an environment variable or something like that conatins the value of the IP address. I'll try find it and let you know, or it shouldn't be too hard to find. You just insert a line comparing that value to the value of the IP address of this person. If they are different, use whatever STDOUT function there is (depending on what language your script will be in), and print the correct page. If they match, print a page thats... you know... insulting. Using IP addresses would be the best option, but remember he can always just use a different computer. You could, of course, hire some sort of web design company... or a hitman. I have low rates for both.

The environment variable, I believe, is REMOTE_ADDR. Be sure to have that section of your script on every page, as they could type in the full URL and bypass your main page(s). Hope this helps!

P.S. (It's not me is it?)

Thanks for the repies.

>The environment variable, I believe, is REMOTE_ADDR.

Hi Sean. Thanks but I had got that far. My script works, but it's only effective on the index page & relies on auto refresh to return a dynamic link. I need a way for a web page to execute a CGI script, but act conditionally - then I could put it on every page.

>P.S. (It's not me is it?)
It's no one who posts here. May be a lurker though.

>Just put the offending IP into the hosts.deny file?
Sounds promising, but where do I find it? I have webspace, with a cgi-bin directory. Not aware of anything else. Also heard about a thing called htAccess, but again I don't know whether my web space supports it.

many ISP's use dynamic IP addresses. do you know for sure that this person doesnt have a dynamic IP? (ie. blocking one IP will do no good)

I'm still thinking hitman.

Anyway, you could just make one script, then have every link run that script, but give it a parameter specifiying a certain page. The CGI script picks up that parameter and then uses conditionals to decide which page to print?

You need to know what web server software your running under.

Maybe you can use a .htaccess file (or deny file like already suggested).

Code:

//A function to check if the accessing host have permission to access the page. struct IP_STAMP{ char address[16]; long int time_stamp; int count; }; int allow_http_access(char *deny_hostfile, char *allow_hostfile,char *failed_hostfile, struct IP_STAMP *ip_stamp) { char *lenstr; long len; char input[1024]; char data[1024]; char string[1024]; char ipaddress[16]; char hostaddress[1024]; int i, j; lenstr = getenv("REMOTE_ADDR"); /* OS GLOBAL Variable environment */ if(lenstr == NULL || sscanf(lenstr,"%ld",&len)!=1 || len > 1024) return 0; /* fgets(input, len+1, stdin); Getting error ?? BUG: Solved but not understood*/ /* 19 January, 2003 */ for(i=0; i < 16 && *lenstr!='\0'; i++, lenstr++) ipaddress[i]=*lenstr; ipaddress[i]='\0'; lenstr = getenv("REMOTE_HOST"); /* Environment 4 REMOTE_HOST */ if(lenstr != NULL && sscanf(lenstr,"%ld",&len)==1 && len < 1024) { for(i=0; i < 1024 && *lenstr!='\0'; i++, lenstr++) hostaddress[i]=*lenstr; hostaddress[i]='\0'; } printf("<center>IP Address Stamp: %s %s </center>", ipaddress, hostaddress); //return find_string_infile(hostfile, ipaddress); strcpy(ip_stamp->address, ipaddress); if(!find_ip_infile(deny_hostfile, ipaddress)) return 1; if(find_ip_infile(allow_hostfile, ipaddress)) return 2; if(find_ip_failedlist(failed_hostfile, ipaddress, ip_stamp)) return 1; return 0; } //Your CGI application int main() { ............................. ................................ if(allow_http_access(DENY_HOSTIP_FILE, ALLOWED_HOSTIP_FILE, FAILED_HOSTIP_FILE, &ip_stamp) ) { printf("<center> Opps.. Sorry!!!! You don't have permission to access this page. "); return 1; } ................................... .................................... .................................... }

I guess the above code will help you to understant more. Sorry.. did not put enough comments... If anything not clear, put your questions.

>do you know for sure that this person doesnt have a dynamic IP?

Mmm. That would be a problem. I'm beginning to suspect that it is dynamic.

>Anyway, you could just make one script, then have every link run that script, but give it a parameter specifiying a certain page

That was my original thought, but it would screw some other things up. And I don't really want to go to the effort of designing my website around one man. He's a pain, yes, but not catastrophic.

Thanks for your help. It's been an interesting challenge in any case.