We can save the client IP using ‘REMOTE_ADDR’, but there is possibility that it is behind some proxy and has have client IP using ‘HTTP_X_FORWARDED_FOR’.
So, we can get some similar pre-defined server methods to detect the IPs and then can easily restrict the concurrent IP request by matching the first 3 bytes of the IP.
A request has to be made and then we may stop it from further accessing the useful functions by showing an error message after we have detected one of the concurrent IP.
We can also detect the country that holds that IP and if that would a high risk country then we can block it.
We can use following module —
Dynamic IP Restriction module can be used for IIS, some of the characteristics are:
- If a client exceeds number of concurrent request allowed, then it temporarily block the client.
- If a client exceeds number of requests within a limited time, then it temporarily block the client.
- Provides support for IPv6 addresses.
Also one can configure server to get proxy ‘HTTP_X_FORWARDED_FOR’ header with is called as Proxy Mode.
To download the extensions: