CodeIgniter Forums
users bypassing IP ban - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forum-5.html)
+--- Forum: General Help (https://forum.codeigniter.com/forum-24.html)
+--- Thread: users bypassing IP ban (/thread-66810.html)



users bypassing IP ban - ronaldv - 12-06-2016

I store in the DB a list of "bad" IPs, and in my controller for the sign up page I redirect users whose IP is found in the list of bad IPs using this code:

Code:
redirect(base_url('xxx'));

But a user was able to bypass it and register with a blocked IP. How is this possible? Even if the HTTP redirect could somehow be ignored, the "redirect" function terminates script execution (as explained here)

I'm using CI 3.0.4 is that helps.


RE: users bypassing IP ban - Narf - 12-06-2016

Do you have separate URLs for the form itself and where the form sends its data?

If so, one could just send their registration data without actually using the form.


RE: users bypassing IP ban - ronaldv - 12-07-2016

(12-06-2016, 02:57 PM)Narf Wrote: Do you have separate URLs for the form itself and where the form sends its data?

If so, one could just send their registration data without actually using the form.

yeah I have two separate URLs! I'll move the IP check to the URL receiving the data, thanks for the tip!