How do I restrict my website to certain IP ranges?

ZXTM allows you to easily and efficiently control which source IP ranges are allowed to access your website. This could be really useful within an intranet environment where only specific IP ranges of your business are allowed access.

A quick trafficscript such as the below accomplishes this.

# Cache clients' IP address
$ip = request.getRemoteIP();
 
# If the clients IP mask does not match that specified, block access to our
# website
if  ( ! string.ipmaskmatch( $ip, "212.0.0.0/16" == 0 ) ) {
        connection.close( "500 Unauthorized\r\n" );
}

or to add specific, individual, IPs:

You first need to create a file within $ZEUSHOME/zxtm/conf/extra/ called 'trusted_ips'. Within that file input:

10.100.1.2
10.102.8.25
10.100.12.8
192.168.2.6

We advise that you perform the below commands to only allow ZXTM's user/group to read and/or write to the file. You can edit the file as root if you need to perform update maintenance.

 
chown nobody:nogroup trusted_ips
chmod 640 trusted_ips

Now, apply this trafficscript to the relevant virtual server:

$trusted_user_file = "trusted_ips";
$ip = request.getRemoteIP();
$trusted_ips = resource.get( "trusted_ips" );
 
# test if user IP is in trusted IP list
# exit if not in list, forcing users' connection to be closed.
if( string.contains( $trusted_ips, $ip ) == 0 ) {
       connection.close( "500 Unauthorised\r\n" );
}

Chris Buckley [Zeus Support] 15 September 2006 2 comments