How do websites keep track of IP addresses [closed]

Question

Closed. This question needs to be more focused. It is not currently accepting answers.

---

Want to improve this question? Update the question so it focuses on one problem only by editing this post.

Closed 8 years ago.

Improve this question

I have created a website and I want to allow specific IP addresses to be able to visit this website.
After some research I found out that IP addresses might change everyday. Is there any way to obtain the new addresses?

Answer 1

IP Addresses change depending on the ISP of the user viewing your website. Some will be assigned a static IP, while many home users may be assigned a dynamic IP that could change on a varying basis.

There are a few different options to handling user authentication, with varying levels of usability:

• Use a login form and create users. You will have to create a database to store encrypted passwords and other user data.

• Use a login with IP address whitelisting. You can detect the origin of the server request using the $_SERVER['REMOTE_ADDR'] variable in PHP. Note that if the user is going through a proxy, you will be returned the proxy IP and not the users. You can require a login from anyone outside your array of whitelisted IPs.

• A small sample script to set up your database:

  $ msyql -u root -pYourPassword
  > CREATE DATABASE mysite;
  > CREATE TABLE users (id TINYINT NOT NULL AUTO_INCREMENT, name VARCHAR(30), password VARCHAR(60), email VARCHAR(30), PRIMARY KEY (id));
  

That's it for creating a very simple database. For security, you should always salt passwords prior to passing them through the MySQL PASSWORD() function.

• If you aren't comfortable using a database, you can manage user login credentials using htaccess. It is simple and offers no extra fringe benefits or manageability that would come with a programmatic login.

  #just a basic login
  AuthType Basic
  
  AuthName "Login Required"
  #the absolute path to your htpasswd. you can use relative, just be conscious if you move either file
  AuthUserFile /path/to/.htpasswd
  #if you don't have this, your already limited security is blown
  Require valid-user
  

• Wherever the .htpasswd is according to the htaccess, you will have a file .htpasswd with one line per user that looks something like:

  john:$apr1$j08c8l7h$ck52z9GqO0VTgKY5OMerV0
  

• Whenever using the .htaccess method, you should own and chmod 600 the files to ensure only the Apache user can read them:

  chown www-data:www-data .htaccess && chmod 600 .htaccess
  
  chown www-data:www-data /path/to/.htpasswd && chmod 600 .htpasswd
  

I would highly recommend using a standard login system with your information stored in a MySQL (or postgres, oracle, etc) database. You noted yourself that IP addresses do change, and frequently updating and managing access to a site using only a list of IP addresses is neither efficient or secure.