Streaming live at 10am (PST)

Blocking specific IP address from site

Hi, I’m trying to put this script into my website, but it doesn’t seem to be working.

<script type="text/javascript" src="http://l2.io/ip.js?var=ip"></script>
<script type='text/javascript'>
if (ip == "1.111.111.1111") {
alert('bye bye troll');
window.location = 'http://www.google.com/';
}
</script>

Whenever i put this in the webflow header, it doesn’t activate. I tested using my own IP address but nothing happens. Any solution? I don’t know much JS, so I’m shooting in the dark here.

Hi Eric,

I suggest you do such thing via your domain provider or a server side script.
JavaScript is a client side code, which means it won’t really block the IP (at least not for someone who knows what he’s doing)

Hi Aviv,

Yeah, I know it’s just client side so he’ll still be able to access it if he really wanted to— but he’s not tech savvy and I just needed it to redirect so he doesn’t think much of it.

The Domain provider/Server side script isn’t an option since we’re hosting via webflow :confused:

First, trying to use your visitors IP address to potentially block them with JavaScript is a whack a mole approach. It is trivial for a user to simply connect to a VPN, use a different network, etc. in fact, it is common bad actors to mask their real network address.

The other bigger issue you face, when including a script from a third party site, Is the potential of opening up a vector for a cross site forgery attack, as well as providing the host of the script, analytic data on your site traffic. I would caution against implementation as you have demonstrated for these reasons.

Hey, like I mentioned, I’m aware that it’s not the best solution, but I just want the content to not be so easily available to them. I know it’s strange, but I have my personal reasons.

I understand the latter part, but can nobody help me with a workaround? I don’t really know what to draw from this…

If your site is running on HTTPS your scripts need too as well.
https://l2.io/ip.js
Give that a shot.

Thank you for your suggestion!

The IP script shows up on page now, but the redirect script still doesn’t seem to work.

Here is a working script, using an open source and up to date API from https://www.ipify.org, using the jsonp method.

<script type="application/javascript">
  function getIP(json) {
    if (json.ip = "192.168.1.2") {
     alert("Blocked  -> Go play with Google");
        window.location = "https://www.google.com";
    }
  }
</script>

<script type="application/javascript" src="https://api.ipify.org?format=jsonp&callback=getIP"></script>