IP & ID/Password Security on Web Servers

Mark Cyzyk mcyzyk at tiger.towson.edu
Tue Jan 7 08:40:25 EST 1997


Regarding IP checking and password protection on Web documents, I can't
think of any way to do both of these using just the resources of the web
server.  One thing you could do, however, is to create some sort of CGI
firewall where first the IP's are checked and if they meet certain
criteria the client is allowed through.  If the IP check fails, then the
client is presented with a request for a password.

I have attached below a Perl CGI subroutine that will check for client
IP's within a certain range.  If the client IP does not fall within the
specified range, an error message is returned.  This could be
edited to perform some other function if the IP fails, e.g., return a
password screen.

One big problem with the notion of a CGI firewall -- it would be quite a
drain on your web server's resources.  However, since your secured
documents are probably only a small fraction of the total documents being
served, this drain may not be too drastic.

Hope this helps.  I've been itching to share my IP checker algorithm with
someone.

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><
Mark Cyzyk, M.A., M.L.S.                     mcyzyk at midget.towson.edu
Albert S. Cook Library                        mcyzyk at tiger.towson.edu
Library and Instructional Technologies                 (410) 830-4285
Towson State University                            FAX (410) 830-3829
Towson, Maryland 21252                  http://www.towson.edu/~mcyzyk



########################## SUB IPCHECK ############################
# This subroutine compares the value of the REMOTE_ADDR environmental
# variable to a range of valid IP's.  If the value of REMOTE_ADDR does
# not fall within the specified range, this subroutine returns an
# error message and exits.
sub IPCheck
{
$iperror = "
This script is only available to YOUR USER GROUP HERE.
<p>
In order to use this script you must be logged on to a terminal with a
valid  IP address.
<p>
Your IP address is: $ENV{'REMOTE_ADDR'}
<p>If you have questions about this, please send an email message to 
YOUR NAME AND MAILTO: EMAIL ADDRESS";

$beginrange = "000.000.000.000"; # ENTER YOUR BEGINNING NUMBER HERE
$endrange = "000.000.000.000";   # ENTER YOUR ENDING NUMBER HERE
$remote = "$ENV{'REMOTE_ADDR'}";

@initialarray = ($beginrange, $endrange, $remote);
@finalarray = ();   # start empty so a repeated call does not reuse old values

foreach $item (@initialarray)
{
# Here each IP is converted to a whole number.  If a "word" in the 
# IP needs to be padded with leading zeros, it is done.
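# The dots are escaped and the pattern is anchored so that only a
# dotted-quad IPv4 address matches.  If an address does not parse,
# access is denied instead of comparing values that were never captured.
unless ($item =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/)
        {
        &CgiError("Illegal IP Address!", $iperror);
        exit 0;
        }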

        @wordlength = ($1, $2, $3, $4);
        @numberarray = ();

	# Padding with leading zeros, if needed, is done here.
        foreach $word (@wordlength)
                {
                $strlen = length($word);
                
                if ($strlen == 3)
                        {
                        push (@numberarray, $word);
                        }
                while ($strlen < 3)
                        {
                        $padded = "0$word";
                        $strlen = length($padded);
                                if (length($padded) == 3)
                                        {
                                        push (@numberarray, $padded);
                                        }
                        $word = "$padded";
                        }
                }
                
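# The padded words are joined with no separator to give one 12-digit
# number.  Interpolating the array slice into a string would insert
# spaces, and the numeric comparison below would then see only the
# first word.
$variable = join("", @numberarray[0,1,2,3]);
push (@finalarray, $variable);
}

$beginrange = $finalarray[0];
$endrange = $finalarray[1];
$remote = $finalarray[2];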


if ($remote < $beginrange)
        {
        &CgiError("Illegal IP Address!", $iperror);
	exit 0;
        }
elsif ($remote > $endrange)
        {
        &CgiError("Illegal IP Address!", $iperror);
	exit 0;
        }

}
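
The gate described in the message (IP check first, password prompt when it fails), as an added example that is not part of the original post. The names ip_to_int and access_decision are hypothetical, and the addresses are constructed samples; each address is reduced to one integer and anything that does not parse is sent to the password prompt.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Convert a dotted-quad IPv4 address to a single integer.
# Returns undef for anything that is not a well-formed address.
sub ip_to_int {
    my ($ip) = @_;
    return undef unless defined $ip
        && $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    my @octets = ($1, $2, $3, $4);
    return undef if grep { $_ > 255 } @octets;
    # Plain arithmetic avoids Perl's string-versus-number bitwise rules.
    return (($octets[0] * 256 + $octets[1]) * 256 + $octets[2]) * 256
        + $octets[3];
}

# Decide what the gate does with a request: 'allow' when the client
# address is inside the range, 'password' otherwise.  An address that
# cannot be parsed also gets 'password', so a parse failure never
# grants access.
sub access_decision {
    my ($remote, $begin, $end) = @_;
    my ($addr, $lo, $hi) =
        map { scalar ip_to_int($_) } ($remote, $begin, $end);
    # A broken range is a configuration error, not a client error.
    die "bad range configuration\n"
        unless defined $lo && defined $hi && $lo <= $hi;
    return 'password' unless defined $addr;
    return ($addr >= $lo && $addr <= $hi) ? 'allow' : 'password';
}

# Constructed sample values (192.0.2.0/24 is a documentation range).
# In the CGI script the first argument would be $ENV{'REMOTE_ADDR'}.
my ($begin, $end) = ('192.0.2.10', '192.0.2.200');
my @samples = ('192.0.2.10', '192.0.2.99', '192.0.2.201',
               '192.0.20.1', '192.0.2', '2001:db8::1', '');
for my $remote (@samples) {
    my $label = $remote eq '' ? '(empty)' : $remote;
    printf "%-14s %s\n", $label, access_decision($remote, $begin, $end);
}
```

REMOTE_ADDR is the address of whatever host connected to the web server, so behind a proxy it is the proxy's address and not the end user's.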


