go top


  • Colection of 65 PHP scripts for $4.29 each

Get 65 PHP scripts in a bundle for $4.29 each!

View Offer

How to block an IP address from visiting a website

Wednesday, 26th October, 2016  /  PHP Tutorials  /  11 Comments
There are many reasons you may need to block an IP address from visiting your website. For example, to prevent particular users doing malicious things with your website - trying to spam your web forms, or hack your shopping cart, etc. Using PHP, you can easily find your site visitors' website addresses and based on these addresses to redirect them to specific places on your site. If you use such IP ban protection on your website, you will also need to not only list individual addresses to be blocked but also IP masks and IP ranges.

Let's start! First, we will create an array to list all the IP addresses that we want to block. Besides single IP addresses, we will also use IP ranges such as and IP masks 100.88.*.*. Here is the array

$ip_block = array(

When a visitor comes to your website you will need to find their IP address and store it in a variable. You can find out the IP address using this piece of code:

if (isset($_SERVER['HTTP_CLIENT_IP']))
$client_ip = $_SERVER['HTTP_CLIENT_IP'];
} else if(isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$client_ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else if(isset($_SERVER['HTTP_X_FORWARDED'])) {
$client_ip = $_SERVER['HTTP_X_FORWARDED'];
} else if(isset($_SERVER['HTTP_FORWARDED_FOR'])) {
$client_ip = $_SERVER['HTTP_FORWARDED_FOR'];
} else if(isset($_SERVER['HTTP_FORWARDED'])) {
$client_ip = $_SERVER['HTTP_FORWARDED'];
} else if(isset($_SERVER['REMOTE_ADDR'])) {
$client_ip = $_SERVER['REMOTE_ADDR'];

The code above will check every possible variable which may hold information about visitor's IP address. Once it is executed, you will have visitor IP address stored in $client_ip variable. Now we will have to create a loop and match visitor's IP address against each IP address that we have in our $ip_block array. In the code below there are 3 IF cases

1) if($client_ip == $ip) - if visitor's IP addresses exactly matches the IP address defined in $ip_block array. If this is the case we set a variable $blocked to true and exit from the loop.

2) if(strpos($ip, '*') !== false) - if the blocked IP address has * or in other words if we use a mask to define the IP addresses that we need to block. If for example, you define
this will block all visitors with IP addresses,,, 100.100.100...... 255. If we have to check visitors IP address against such mask we split the IP addresses by . and match each of the 4 parts of the IP address. If there is a match, then we consider the IP address to be blocked and exit the loop

3) if(strpos($ip, "-") !== false) - with the last IF case we check if the visitors IP address should be checked against IP range. In that case we convert the IP address to an integer using ip2long() function and compare that interger with the start and end IP addresses from the range.

$blocked = false;
foreach($ip_block as $ip)
if($client_ip == $ip)
$blocked = true;
}else if(strpos($ip, '*') !== false){
$digits = explode(".", $ip);
$client_ip_digits = explode(".", $client_ip);
if($digits[1] == '*' && $digits[0] == $client_ip_digits[0])
$blocked = true;
}else if($digits[2] == '*' && $digits[0] == $client_ip_digits[0] && $digits[1] == $client_ip_digits[1]){
$blocked = true;
}else if($digits[3] == '*' && $digits[0] == $client_ip_digits[0] && $digits[1] == $client_ip_digits[1] && $digits[2] == $client_ip_digits[2]){
$blocked = true;
}else if(strpos($ip, "-") !== false){
list($start_ip, $end_ip) = explode("-", $ip);
$start_ip = preg_replace('/\s+/', '', $start_ip);
$end_ip = preg_replace('/\s+/', '', $end_ip);

$start_ip_long = ip2long($start_ip);
$end_ip_long = ip2long($end_ip);

if($client_ip_long >= $start_ip_long && $client_ip_long <= $end_ip_long)
$blocked = true;

At the end we will have a variable $blocked which if set to true means that visitors IP address is found in our list with blocked IP addresses and we should block it.

if($blocked == true)
header('Location: blocked-page.html');

You can redirect the user to another page or just print some message.

The above code is useful if you want to redirect different website visitors to different pages on your website. Using third party service you can find out location country for an IP address and knowing visitor's country to redirect them to specific language version of your website.
Share on:

11 Comments to "How to block an IP address from visiting a website"


Trent / June 4, 2019 at 22:36 pm


I noticed, you cannot check for MASK like the following:

So I modified the Mask checking code to allow for the extra formats if anyone needs them.

...} else if(strpos($ip, '*') !== false){
$digits = explode(".", $ip);
$client_ip_digits = explode(".", $client_ip);

if (
($digits[0] == $client_ip_digits[0])
($digits[1] == '*' || $digits[1] == $client_ip_digits[1])
(!isset($digits[2]) || $digits[2] == '*' || $digits[2] == $client_ip_digits[2])
(!isset($digits[3]) || $digits[3] == '*' || $digits[3] == $client_ip_digits[3])

) {

$blocked = true;



shanmukha / February 20, 2019 at 07:33 am

Sir can u pls help me ... how to hide ip address an ip location using php


gautan / August 26, 2018 at 16:54 pm

Thank you sir. Very informative to me.

Atiq Khan

Atiq Khan / March 23, 2018 at 13:40 pm

IP Address get change on router restart etc. then how can we handle this? Anyone please help me.


Vargawebdesign / March 20, 2018 at 09:33 am

Missing part :
$client_ip_long = ip2long($client_ip);


Vargawebdesign / March 20, 2018 at 09:26 am

I guess the code is not fully functional , because " $client_ip_long " ( in the third if part) not declared.
Missing part :
$client_ip_long = ip2long($ip);

John Doe

John Doe / October 2, 2017 at 02:34 am

What if we want the users with blocked IPs to stay on the same page, but anyone without their IP in the list will be redirected to elsewhere, do we just do the following then by replacing 'true' to 'falese'?

if($blocked == false)
header('Location: new-page.html');

Doc Palmere

Doc Palmere / September 25, 2017 at 16:41 pm

Two questions;
Q1- how would I include the IP block code on my login.php page?

Q2- If I created a redirect.php page with the blocking IP code in it, what is in the line of code I add to each page (i.e. login.php) to include this file?

Q3- Can I use simple cms script to manage the IP addresses to be blocked?

Q4-Is there a benefit to using the above solution over blocking IP at the cPanel level?


Sasho Valkanov

Sasho Valkanov / September 26, 2017 at 08:44 am

Hi Doc,

the best would be for you to create a function which can be called on each page that you need. So you can put blockip.php file and make function

function blockip() {
the php code

then each page that you need to protect should include this


It's not be possible to use Simple CMS script to edit this code as IP addresses need to be added in the PHP code - blockip.php file.

Cpanel IP protection will block users to visit your entire website and with this IP protection you can block specific users to visit specific pages.


Rick / November 28, 2016 at 02:16 am

Where should this code be placed on a website or on a server? I already know the IP address i need to block also.

Sasho Valkanov

Sasho Valkanov / November 28, 2016 at 18:31 pm

You can put this code in a separate .php file and include that .php file in all your web pages (again .php pages).

Add your comment


    Please, be polite and helpful and do not spam or offend others! We promise you will be treated the same way!

    Log in to your account to post your comments. If you still haven't joined our community yet, you can create your FREE account now!

    Posting tip:
    If you use code in your comments, please put it in these tags [php], [sql], [css], [js] PHP code example: [php] echo date("Y-m-d"); [/php]

    Thank you,
    PHPJabbers Team