users bypassing IP ban |
I store in the DB a list of "bad" IPs, and in my controller for the sign up page I redirect users whose IP is found in the list of bad IPs using this code:
Code: redirect(base_url('xxx')); But a user was able to bypass it and register with a blocked IP. How is this possible? Even if the HTTP redirect could somehow be ignored, the "redirect" function terminates script execution (as explained here) I'm using CI 3.0.4 is that helps.
Do you have separate URLs for the form itself and where the form sends its data?
If so, one could just send their registration data without actually using the form. (12-06-2016, 02:57 PM)Narf Wrote: Do you have separate URLs for the form itself and where the form sends its data? yeah I have two separate URLs! I'll move the IP check to the URL receiving the data, thanks for the tip! |
Welcome Guest, Not a member yet? Register Sign In |