Restrict IP access to a Perl application
on 30.01.2008 08:04:26 by barramundi9
Dear all:
I am a newbie to Perl and have an application written in Perl. I put
IPs that are "allowed" to access the application into a file called
"ip.allow".
I then tried to compare the $ENV{REMOTE_ADDRESS} to the IPs in
"ip.allow" to determine the access right which looks like the
following:
10.0.0.1
10.0.0.2
10.0.0.3
And the code is:
$address=$ENV{'REMOTE_ADDR'};
open(FILE,"/path/to/ip.allow") or die ("Cannot open file!");
flock(FILE,2);
while ($line=<FILE>) {
    $line=~s/\./\\\./g;
    if ($line =~ /$address/) {
        print "IP matched!!\n";
        last;
    }
}
flock(FILE,8);
close(FILE);
But it doesn't seem to work because when I take out 10.0.0.1 from the
ip.allow file, 10.0.0.1 can still access the application.
Any suggestions are appreciated, thanks.
barramundi9
Re: Restrict IP access to a Perl application
on 30.01.2008 08:45:15 by someone
barramundi9 wrote:
>
> I am a newbie to Perl and have an application written in Perl. I put
> IPs that are "allowed" to access the application into a file called
> "ip.allow".
>
> I then tried to compare the $ENV{REMOTE_ADDRESS} to the IPs in
> "ip.allow" to determine the access right which looks like the
> following:
>
> 10.0.0.1
> 10.0.0.2
> 10.0.0.3
>
> And the code is:
Don't forget:
use warnings;
use strict;
> $address=$ENV{'REMOTE_ADDR'};
>
> open(FILE,"/path/to/ip.allow") or die ("Cannot open file!");
> flock(FILE,2);
> while ($line=<FILE>) {
> $line=~s/\./\\\./g;
> if ($line =~ /$address/) {
> print "IP matched!!\n";
> last;
> }
> }
> flock(FILE,8);
> close(FILE);
>
> But it doesn't seem to work because when I take out 10.0.0.1 from the
> ip.allow file, 10.0.0.1 can still access the application.
>
> Any suggestions are appreciated, thanks.
You probably don't want to use a regular expression. This should work
better:
while ( my $line = <FILE> ) {
    chomp $line;
    if ( $line eq $address ) {
        print "IP matched!!\n";
        last;
    }
}
John
--
Perl isn't a toolbox, but a small machine shop where you
can special-order certain sorts of tools at low cost and
in short order. -- Larry Wall
Re: Restrict IP access to a Perl application
on 30.01.2008 08:56:59 by Martijn Lievaart
On Tue, 29 Jan 2008 23:04:26 -0800, barramundi9 wrote:
> Dear all:
>
> I am a newbie to Perl and have an application written in Perl. I put
> IPs that are "allowed" to access the application into a file called
> "ip.allow".
>
> I then tried to compare the $ENV{REMOTE_ADDRESS} to the IPs in
> "ip.allow" to determine the access right which looks like the following:
>
> 10.0.0.1
> 10.0.0.2
> 10.0.0.3
>
> And the code is:
>
> $address=$ENV{'REMOTE_ADDR'};
>
> open(FILE,"/path/to/ip.allow") or die ("Cannot open file!");
> flock(FILE,2);
> while ($line=<FILE>) {
> $line=~s/\./\\\./g;
> if ($line =~ /$address/) {
> print "IP matched!!\n";
> last;
> }
> }
> flock(FILE,8);
> close(FILE);
>
> But it doesn't seem to work because when I take out 10.0.0.1 from the
> ip.allow file, 10.0.0.1 can still access the application.
1) You don't chomp the input line, so it still contains a \n
2) You can just compare strings, no need for the regexp
3) You forgot to anchor your regexp (/^$address$/), but see 2)
HTH,
M4
Re: Restrict IP access to a Perl application
on 30.01.2008 09:26:02 by Dave Weaver
barramundi9 wrote:
>
> open(FILE,"/path/to/ip.allow") or die ("Cannot open file!");
> flock(FILE,2);
> while ($line=<FILE>) {
> $line=~s/\./\\\./g;
You replace '.' with '\.' in $line...
> if ($line =~ /$address/) {
...so now you're matching: "10\\.0\\.0\\.1\n" =~ /10.0.0.1/
which obviously fails since there are no backslashes in $address.
I suspect you meant this to be:
if ( $address =~ /$line/ ) {
which would still fail since there is no "\n" in $address.
In which case you could use chomp and also get rid of the s///
and use \Q in your match:
chomp $line;
if ( $address =~ /\Q$line/ ) {
or, better yet, use chomp() and eq
chomp $line;
if ( $line eq $address ) {
Re: Restrict IP access to a Perl application
on 30.01.2008 10:20:23 by Abigail
_
barramundi9 (barramundi9@hotmail.com) wrote on VCCLXV September MCMXCIII
in :
)) Dear all:
))
)) I am a newbie to Perl and have an application written in Perl. I put
)) IPs that are "allowed" to access the application into a file called
)) "ip.allow".
))
)) I then tried to compare the $ENV{REMOTE_ADDRESS} to the IPs in
)) "ip.allow" to determine the access right which looks like the
)) following:
))
)) 10.0.0.1
)) 10.0.0.2
)) 10.0.0.3
))
)) And the code is:
))
)) $address=$ENV{'REMOTE_ADDR'};
))
)) open(FILE,"/path/to/ip.allow") or die ("Cannot open file!");
)) flock(FILE,2);
)) while ($line=<FILE>) {
)) $line=~s/\./\\\./g;
)) if ($line =~ /$address/) {
)) print "IP matched!!\n";
)) last;
)) }
)) }
)) flock(FILE,8);
)) close(FILE);
))
)) But it doesn't seem to work because when I take out 10.0.0.1 from the
)) ip.allow file, 10.0.0.1 can still access the application.
That seems odd. In fact, I find it odd that, assuming $ENV {REMOTE_ADDR}
actually contains an IP address, anything matches at all. Say, for instance
$ENV {REMOTE_ADDR} contains "10.0.0.1", and ip.allow contains the three
addresses listed above. Then you do the following tests:
"10\\.0\\.0\\.1\n" =~ /10.0.0.1/
"10\\.0\\.0\\.2\n" =~ /10.0.0.1/
"10\\.0\\.0\\.3\n" =~ /10.0.0.1/
There's no way this is going to match.
*Unless* $ENV {REMOTE_ADDR} is empty, then you'd be comparing the addresses
in ip.allow to //, which will always match.
)) Any suggestions are appreciated, thanks.
Why are you rolling your own security? This is a task that should be done
by the webserver.
Abigail
--
perl -wle 'print "Prime" if (0 x shift) !~ m 0^\0?$|^(\0\0+?)\1+$0'
Re: Restrict IP access to a Perl application
on 30.01.2008 10:57:34 by barramundi9
On Jan 30, 5:20 pm, Abigail wrote:
> _
> barramundi9 (barramun...@hotmail.com) wrote on VCCLXV September MCMXCIII
> in :
> )) Dear all:
> ))
> )) I am a newbie to Perl and have an application written in Perl. I put
> )) IPs that are "allowed" to access the application into a file called
> )) "ip.allow".
> ))
> )) I then tried to compare the $ENV{REMOTE_ADDRESS} to the IPs in
> )) "ip.allow" to determine the access right which looks like the
> )) following:
> ))
> )) 10.0.0.1
> )) 10.0.0.2
> )) 10.0.0.3
> ))
> )) And the code is:
> ))
> )) $address=$ENV{'REMOTE_ADDR'};
> ))
> )) open(FILE,"/path/to/ip.allow") or die ("Cannot open file!");
> )) flock(FILE,2);
> )) while ($line=<FILE>) {
> )) $line=~s/\./\\\./g;
> )) if ($line =~ /$address/) {
> )) print "IP matched!!\n";
> )) last;
> )) }
> )) }
> )) flock(FILE,8);
> )) close(FILE);
> ))
> )) But it doesn't seem to work because when I take out 10.0.0.1 from the
> )) ip.allow file, 10.0.0.1 can still access the application.
>
> That seems odd. In fact, I find it odd that, assuming $ENV {REMOTE_ADDR}
> actually contains an IP address, anything matches at all. Say, for instance
> $ENV {REMOTE_ADDR} contains "10.0.0.1", and ip.allow contains the three
> addresses listed above. Then you do the following tests:
>
> "10\\.0\\.0\\.1\n" =~ /10.0.0.1/
> "10\\.0\\.0\\.2\n" =~ /10.0.0.1/
> "10\\.0\\.0\\.3\n" =~ /10.0.0.1/
>
> There's no way this is going to match.
>
> *Unless* $ENV {REMOTE_ADDR} is empty, then you'd be comparing the addresses
> in ip.allow to //, which will always match.
>
> )) Any suggestions are appreciated, thanks.
>
> Why are you rolling your own security? This is a task that should be done
> by the webserver.
>
> Abigail
> --
> perl -wle 'print "Prime" if (0 x shift) !~ m 0^\0?$|^(\0\0+?)\1+$0'
Thanks for all your replies.
John, you are right, it can be done without regex.
Thanks again.
barramundi9
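
Added example, not part of any post in this thread: the replies' points (chomp the line, compare with eq, and the empty REMOTE_ADDR case) combined into one check that fails closed, shown next to the unanchored-regex form for comparison. The names load_allowlist and is_allowed, the hash lookup and the in-memory sample file are assumptions made for the illustration.

```perl
use strict;
use warnings;

# Constructed sample standing in for /path/to/ip.allow (a trailing space,
# a CRLF line ending and a blank line are included on purpose).
my $sample = "10.0.0.1\n10.0.0.2 \r\n\n10.0.0.3\n";

# Hypothetical helper: read the allowlist into a hash so that every
# lookup is an exact string comparison, never a pattern match.
sub load_allowlist {
    my ($fh) = @_;
    my %allow;
    while ( my $line = <$fh> ) {
        $line =~ s/^\s+|\s+$//g;    # removes "\n", "\r" and stray spaces
        next if $line eq '';        # skip blank lines
        $allow{$line} = 1;
    }
    return \%allow;
}

# Hypothetical helper: fail closed. A missing or empty address is denied
# instead of being compared against anything.
sub is_allowed {
    my ( $address, $allow ) = @_;
    return 0 unless defined $address && length $address;
    return exists $allow->{$address} ? 1 : 0;
}

# Read the sample through an in-memory filehandle so this runs offline.
open( my $fh, '<', \$sample ) or die "Cannot open sample: $!";
my $allow = load_allowlist($fh);
close($fh);

# Constructed test addresses: one listed, one that merely contains a
# listed address as a substring, one empty and one undefined.
for my $address ( '10.0.0.2', '110.0.0.10', '', undef ) {
    my $shown = defined $address ? "'$address'" : 'undef';
    my $exact = is_allowed( $address, $allow ) ? 'allow' : 'deny';

    # The unanchored regex form, for comparison only.
    my $hits  = defined $address && grep { $address =~ /$_/ } keys %$allow;
    my $regex = $hits ? 'allow' : 'deny';

    printf "%-14s exact: %-5s unanchored regex: %s\n", $shown, $exact, $regex;
}
```

The second address is the case to watch: it is not in the list, yet the unanchored pattern accepts it because a listed address appears inside it.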