IP Ban in PHP isnt working

I have used this code for an IP ban:
<?php $deny = array("111.111.111", "222.222.222", "333.333.333"); if (in_array ($_SERVER['REMOTE_ADDR'], $deny)) { header("location: https://example.com/"); exit(); } ?>
It currently does not when I put my IP in. What am I doing wrong?

Currently PHP doesn’t work with glitch as far as I know of. They hope to release it in the future.
There are some project templates you can try to get around this incompatibility.

It also could be did you put your IP in the correct place.
You could try this bit of code in PHP:

$deny = array("111.111.111", "222.222.222", "333.333.333");
foreach ($deny as $denyip) {
  if (strpos($_SERVER['REMOTE_ADDR'], $denyip)===0) {
    header("location: http://www.google.com/");

You could try node-php

yeah that is another way.

I think that would be your best option, is your project entirely in PHP?

Wouldn’t that also be express-php?

Yep, if you want to use express then you would use express-php

So there happens to be a server.js file code directly for that.

Yep, just follow the instructions in the readme and add the line to server.js

I thought you could use PHP by adding this to glitch.json
{ "install": "echo 'We Are Ready!'", "start": "php -S -t ." }

1 Like

You need to retrieve the user’s IP from the X-Forwarded-For header.


Yes. @RiversideRocks and @charliea21 reply is correct.
I use PHP a lot on Glitch. I can explain this in detail.

To make PHP work with Glitch, just include it in glitch.json.(I made it simpler):

  "start": "php -S"

$_SERVER['REMOTE_ADDR'] does not get the expected value.
Instead you need to get it from $_SERVER['HTTP_X_FORWARDED_FOR']
This can be checked with phpinfo(). Please confirm your global IP address in advance.
I publish a minimal PHP project. The index.php is phpinfo():

when you look at $_SERVER['HTTP_X_FORWARDED_FOR'], you get the following value:,::ffff:,::ffff:

So you need to split it with , to get

  $ip = explode(",", $_SERVER['HTTP_X_FORWARDED_FOR']);
  echo "{$ip[0]}\n";

This will output the IP address. You may know such a service. I also publish this project.

So the source of @m4sugar is

$ip = explode(",", $_SERVER['HTTP_X_FORWARDED_FOR']);
$deny = array("111.111.111", "222.222.222", "333.333.333");
  header("location: http://www.google.com/");

You can do what you expect. Try it!

1 Like

Thank you so much! That worked!

But what about if they’re ok to visit the site? What do I add?

What do you mean?

I think Glitch should implement an IP ban feature, because even if your project bans certain IPs, it still gets through the Glitch reverse-proxy and counts towards your request quota. :confused:


Maybe you should make a post on #feature-ideas?


Using Cloudflare makes it really tricky to do IP bans. I would love if Glitch had a built in service for this.

That would be a neat idea, along with project comments which I have seen mentioned around the forum.

1 Like