Re: Restrict IP access to a Perl application

_
barramundi9 (barramundi9@xxxxxxxxxxx) wrote on VCCLXV September MCMXCIII
in <URL:news:210eef7f-8725-4418-a5eb-f7947470d6cc@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>:
)) Dear all:
))
)) I am a newbie to Perl and have an application written in Perl. I put
)) IPs that are "allowed" to access the application into a file called
)) "ip.allow".
))
)) I then tried to compare the $ENV{REMOTE_ADDRESS} to the IPs in
)) "ip.allow" to determine the access right which looks like the
)) following:
))
)) 10.0.0.1
)) 10.0.0.2
)) 10.0.0.3
))
)) And the code is:
))
)) $address=$ENV{'REMOTE_ADDR'};
))
)) open(FILE,"/path/to/ip.allow") or die ("Cannot open file!");
)) flock(FILE,2);
)) while ($line=<FILE>) {
)) $line=~s/\./\\\./g;
)) if ($line =~ /$address/) {
)) print "IP matched!!\n";
)) last;
)) }
)) }
)) flock(FILE,8);
)) close(FILE);
))
)) But it doesn't seem to work because when I take out 10.0.0.1 from the
)) ip.allow file, 10.0.0.1 can still access the application.

That seems odd. In fact, I find it odd that, assuming $ENV {REMOTE_ADDR}
actually contains an IP address, anything matches at all. Say, for instance
$ENV {REMOTE_ADDR} contains "10.0.0.1", and ip.allow contains the three
addresses listed above. Then you do the following tests:

"10\\.0\\.0\\.1\n" =~ /10.0.0.1/
"10\\.0\\.0\\.2\n" =~ /10.0.0.1/
"10\\.0\\.0\\.3\n" =~ /10.0.0.1/

There's no way this is going to match.

*Unless* $ENV {REMOTE_ADDR} is empty, then you'd be comparing the addresses
in ip.allow to //, which will always match.

)) Any suggestions are appreciated, thanks.

Why are you rolling your own security? This is a task that should be done
by the webserver.



Abigail
--
perl -wle 'print "Prime" if (0 x shift) !~ m 0^\0?$|^(\0\0+?)\1+$0'
.

Relevant Pages

  • Re: Restrict IP access to a Perl application
    ... barramundi9 wrote on VCCLXV September MCMXCIII ... I am a newbie to Perl and have an application written in Perl. ... IPs that are "allowed" to access the application into a file called ... In fact, I find it odd that, assuming $ENV ...
    (comp.lang.perl.misc)
  • Why not to use env (was Re: Perl executable pathname needs to be hardwired?)
    ... Chris> My understanding is that the Python idiom is to avoid putting the full ... This won't work if env is not in your current directory! ... One problem is that while Perl may be in *my* PATH for an unusual ... and env launches Perl... ...
    (perl.beginners)
  • Re: setting %ENV in a module
    ... then the resulting hash value is the literal $ENV-VAR - perl is not ... "$v", to the value of the %ENV hash, that string gets stored as is. ... $ENV{TMPTEST} to $TMPTEST, and changing one will change the other. ... process the lines of that array one-at-a-time, ...
    (comp.lang.perl.misc)
  • Re: setting %ENV in a module
    ... then the resulting hash value is the literal $ENV-VAR - perl is not ... "$v", to the value of the %ENV hash, that string gets stored as is. ... $ENV{TMPTEST} to $TMPTEST, and changing one will change the other. ... process the lines of that array one-at-a-time, ...
    (comp.lang.perl.misc)
  • Re: creating shell scripts using #!/usr/local/env perl
    ... >>Paul Lalli ... > did you actually read the man page for env? ... current environment, that is, without modifying the environment at all. ... This is useful for transporting perl scripts from one machine to another, ...
    (comp.lang.perl.misc)