Home/ Questions/Q 8207841
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-07T09:07:53+00:00

I have a script where payment processors come with payment confirmations. To make the

  • 0

I have a script where payment processors come with payment confirmations.
To make the page secure, as it can access order information and other user related stuff, I had to limit the acces by ip(/24) as it follows:

$ipAllowed = array(
'192.192.192',
'172.172.172'
);
$ipAllowed = str_replace(".", "\.", implode("|", $ipAllowed));

if(!preg_match("/^($ipAllowed)\.[0-9]{1,3}$/", $_SERVER['REMOTE_ADDR'])){
     header('HTTP/1.0 403 Forbidden');
     die('You are not allowed to access this file.');
}

*the ip’s are just as an example

Before i used:

if(!in_array(@$_SERVER['REMOTE_ADDR'], array('ips here'))); //only works with full ip

The !in_array was much neater then the one I use now, but i need something that works with /24 ips, or even with both!

Do you know something that works better/faster, is reliable and much neater?

@rap-2-h As you stated this is the neater version that works with full ip, /24 or even /16

$ipAllowed = array( '192.168.1.153' '172.172.172'); 
$allowed = false; 

foreach($ipAllowed as $ip): 
    if(strpos($_SERVER['REMOTE_ADDR'], $ip) === 0) $allowed = true; 
endforeach; 

if (!$allowed) { 
    header('HTTP/1.0 403 Forbidden'); 
    die('You are not allowed to access this file.'); 
}
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can try something like this :

    $ipAllowed = array('192.192.192', '172.172.172');

$allowed = false;
foreach($ipAllowed as $ip) {
     if (strpos($_SERVER['REMOTE_ADDR'], $ip) !== false) {
         $allowed = true;
     }
}
if (!$allowed) {
    header('HTTP/1.0 403 Forbidden');
    die('You are not allowed to access this file.');     
}

    So you can have only ip fragment in your $ipAllowed array.
    It’s not very elegant but it should work…

    • 0