IP condition of the user via Javascript?

-3

Hey guys, I’m having great difficulty with JavaScript. I’m having trouble getting my PHP to return the IP with the function

$_SERVER['REMOTE_ADDR']; 

but this returns only the gateway of our network; we believe it is some internal problem. So I resorted to the JavaScript below, which returns the public IP, and for me that already helps enough.

What I would like is the following: using the IP that is being shown by the JavaScript, show an alert and redirect, so that if the first 10 digits are different from 200.254.21 the user leaves the page.

I don’t know how to work with if in JavaScript. Can anyone help me?

<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
<script type="application/javascript" src="https://api.ipify.org?format=jsonp&callback=getIP"></script>
<script type="application/javascript">
  $(function() {
    $.getJSON("https://api.ipify.org?format=jsonp&callback=?",
      function(json) {
        document.write("Meu IP público é: ", json.ip);
      }
    );
  });
</script>

  • 3

    What exactly are you trying to do?

  • @web_charles if it is a critical validation that cannot be circumvented, it should be done via PHP. And it’s not an "internal fault"; the server really will get the gateway from your router, unless you use IPv6 or have a valid IPv4 on each device. Now, if you want to validate internal equipment of a network via the server, doing it by IP will not work; the correct way would be a login and password, a token, etc.

2 answers

1

You want to authenticate the connection via IP?

This type of block is called an ACL, or Access Control List, and only serves to bar the majority of lay users.

Access Control Lists (ACLs) allow or deny traffic from specific IP addresses to a specific IP address and destination port. They also allow specifying different types of traffic, such as ICMP, TCP, UDP, etc.

It must be implemented in the router and not in the code, client or server.

It should not be the only authentication criterion; this type of protection only works as a barrier against the large mass of lay users. It does not work against specialized attackers, as it is 100% susceptible to a Host Header Attack, which consists of planting false information in requests; in this case the attacker generates a series of false requests, each with a different IP, thus forming a table of the IPs accepted and rejected by the ACL.

It is the kind of validation used to block the annoying "uncle" who wants to steal Wi-Fi at the party, but it does not stop his neighbor’s 10-year-old son from stealing his internet connection.

The two answers plus the question code cannot offer any certainty about the veracity of the delivered IP, as they can be circumvented with a line of code using the browser’s own developer tools.

If you want to authenticate the communication, I suggest two models: Session-Based Authentication and Token-Based Authentication.

Session-Based Authentication

In Session-Based Authentication, the server will create a session for the user after logging in.

The session ID is stored in a cookie in the user’s browser. As long as the user remains logged in, the cookie will be sent along with all subsequent requests.

The server can then compare the session ID stored in the cookie with the session information stored in memory to verify the user’s identity and send a response with the corresponding state.

Token-Based Authentication

Many web applications use JSON Web Token (JWT) instead of sessions for authentication. In a token-based application, the server creates the JWT with a secret and sends the JWT to the client. The client stores the JWT (usually in local storage) and includes the JWT in the header of each request. The server validates the JWT on every client request and sends a response.

The biggest difference is that the user’s state is not stored on the server, as the state is stored inside the token on the client side. Most modern web applications use JWT for authentication for reasons that include mobile device scalability and authentication.
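The token flow described in this answer, as an added example that is not part of the original answer: the server signs the claims with a secret it never sends to the browser, then rejects any token whose payload or signature was altered on the client. The function names, the secret handling and the `exp` lifetime are assumptions made for illustration, using only Node's built-in `crypto` module.

```javascript
// Added example: HS256 JWT issue/verify with Node's built-in crypto module.
const crypto = require("crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");

// HMAC-SHA256 over "header.payload" with the server-side secret.
function hmac(secret, signingInput) {
  return crypto.createHmac("sha256", secret).update(signingInput).digest();
}

// Server side, after a successful login: create the token.
function issueToken(secret, claims, ttlSeconds, now = Date.now()) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const exp = Math.floor(now / 1000) + ttlSeconds;
  const payload = b64url(JSON.stringify({ ...claims, exp }));
  const sig = hmac(secret, `${header}.${payload}`).toString("base64url");
  return `${header}.${payload}.${sig}`;
}

// Server side, on every request: returns the claims, or null if invalid.
function verifyToken(secret, token, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  let head, claims;
  try {
    head = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null; // not valid JSON: reject
  }
  // Pin the algorithm; the token must not choose how it is verified.
  if (!head || head.alg !== "HS256") return null;
  const expected = hmac(secret, `${header}.${payload}`);
  const given = Buffer.from(sig, "base64url");
  // Constant-time comparison of the signature bytes.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  // Reject tokens with no expiry or an expiry in the past.
  if (!claims || typeof claims.exp !== "number") return null;
  if (claims.exp <= Math.floor(now / 1000)) return null;
  return claims;
}
```

Unlike the IP string shown by the page script, a payload edited in the browser no longer matches its signature, so `verifyToken` returns `null`.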

-2

First, you should remove this line: <script type="application/javascript" src="https://api.ipify.org?format=jsonp&callback=getIP"></script>, because the use of this API is already being done here:

$.getJSON("https://api.ipify.org?format=jsonp&callback=?",
    function(json) { ... }

It is not a good idea to do this via JavaScript. Ideally, this type of check would happen on the server. Anyway, here is the code.

<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
<script language="javascript">
$(function() {
  $.getJSON("https://api.ipify.org?format=jsonp&callback=?",
    function(json) {
      document.write("Meu IP público é: ", json.ip);
      if(!json.ip.startsWith("200.254.21")) {
        alert('IP DIFERENTE');
        console.log('IP DIFERENTE');
        // redirect
        window.location = "http://www.google.com";
      } else {
        alert('IP IGUAL');
        console.log('IP IGUAL');
      }
    }
  );
});
</script>

  • I get it. The alert doesn’t appear, it doesn’t work. Is that right, !json.ip.startsWith ?

  • If you want it to redirect when the IP starts with 200.254.22, just switch !json.ip.startsWith("200.254.21") for json.ip.startsWith("200.254.21")

  • Right. Unfortunately the alert does not appear even when I change it

  • If Alert does not appear in either case, you have another problem. Run the new answer and see what appears on your console.
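An added example, not part of the answer or its comments: the string test `startsWith("200.254.21")` also accepts addresses such as 200.254.210.7, because it compares characters rather than octets. The sketch below parses the address and compares it against the range numerically; it assumes the intended range is 200.254.21.0/24, that the check runs on the server against an address the server observed itself, and the function names are illustrative.

```javascript
// Added example: octet-aware range check versus the string-prefix check.

// Parse a dotted-quad IPv4 string into an unsigned 32-bit integer.
// Returns null for anything malformed (wrong shape, octet > 255).
function parseIPv4(text) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(String(text));
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// True when `ip` lies inside `cidr`, e.g. "200.254.21.0/24".
function inCidr(ip, cidr) {
  const [base, bitsText] = String(cidr).split("/");
  const bits = Number(bitsText);
  const addr = parseIPv4(ip);
  const net = parseIPv4(base);
  if (addr === null || net === null) return false;
  if (!Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  // A /0 mask is 0; otherwise keep the top `bits` bits.
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((addr & mask) >>> 0) === ((net & mask) >>> 0);
}

// Run both checks over sample addresses so the difference is visible.
function compareChecks(samples) {
  return samples.map((ip) => ({
    ip,
    prefix: ip.startsWith("200.254.21"),      // the check from the answer
    cidr: inCidr(ip, "200.254.21.0/24"),      // assumed intended range
  }));
}

// Constructed sample addresses, not taken from the page.
const SAMPLE_ADDRESSES = [
  "200.254.21.7",   // inside the range: both checks accept
  "200.254.210.7",  // outside the range: the prefix check still accepts
  "200.254.219.1",  // outside the range: the prefix check still accepts
  "200.254.2.1",    // outside the range: both checks reject
  "200.254.21",     // malformed: the prefix check accepts, the parser rejects
];

console.log(compareChecks(SAMPLE_ADDRESSES));
```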
