PHP Auto Prepend and its Uses

A thread at SEO Refugee started with asking for help about a funny URL, which we deciphered to be a probe to try to attack the website. I've seen this before and so I suggested that they block the whole IP C-block. Which turned into the question of: how do you block IP addresses?

The way I do it is using PHP and it uses a nice little trick that few seem to know about. This is how:

PHP has a feature that allows you to pre-pend a file at every PHP request. This prepend file is the equivalent of having it include()ed at the top of every single PHP script on your site. It's is done through a directive that is set either in php.ini or .htaccess. The directive is called auto_prepend_file. For .htaccess, this is what I use:

php_value auto_prepend_file "/full/path/to/a/prepend-file.php"

Because it runs at every PHP request and it runs before the actual requested script, you can do some really neat things. So what do I do? I'm developing this system internally and at the moment it does three things:

  1. Authenticate SE bots
  2. Analytics (the data logger)
  3. Block IP addresses

The blocking works as follows: there is a special directory where I put empty files that dictate the blocking. The file names are of two formats: a.b.c.d or a.b.c depending if want to block a specific IP address (the former format) or a C-block (the latter). In the pre-pend file, there is a simple check: figure out the remote IP address, and check the for the presence of either its file or its C-block file. So if the remote IP is 111.222.333.444, it checks for the prsence of either /111.222.333 or /111.222.333.444. If either exist, a 403 not authorized header is returned and the code exit()s, so no actual content gets displayed.

This raises the question: how do you add files to the directory? Using a web interface of course :) You can do it with a simple touch() or an fopen().

For completeness, there is a sister directive called auto_append_file which runs after each PHP script is called (with the exception that if script exit()s, the append file doesn't run). I've never used it, but it can be useful for things like measuring how quickly scripts run on your server.

Posted in Web programming |

Social bookmark this page

Subscribe to Things of Sorts

If you liked this post, please subscribe to the Things of Sorts RSS feed:

2 Responses to “PHP Auto Prepend and its Uses”

  1. JohnMu Says:
    October 31st, 2007 at 11:45 pm

    I’ve used those two directives to implement caching (as described on Dave’s http://www.ilovejackdaniels.com/php/caching-output-in-php/ ) - it works pretty good, especially when the content of the URLs is processing-intensive and database driven but does not change regularly. You could also use them to strip “code bloat” and HTML comments form the output. Pretty fun stuff :)

  2. Pierre Says:
    November 1st, 2007 at 12:33 am

    Hi John

    That’s a neat strategy for caching. Thanks for pointing it out :)

    Another use is to email the webmaster when an event has happened, like GBot crawling a new page or something. This is sort of like the analytics idea, but with a different output.

    Pierre

Leave a Reply

 

Site Navigation

Blog Categories

Popular Pages

The most popular pages on eKstreme.com.

Search

Blogroll

Subscribe

Subscribe to RSS 2.0 feed

Community

 
thermodelly