IP Ban in PHP isnt working

I thought you could use PHP by adding this to glitch.json
{ "install": "echo 'We Are Ready!'", "start": "php -S -t ." }

1 Like

You need to retrieve the user’s IP from the X-Forwarded-For header.


Yes. @RiversideRocks and @charliea21 reply is correct.
I use PHP a lot on Glitch. I can explain this in detail.

To make PHP work with Glitch, just include it in glitch.json.(I made it simpler):

  "start": "php -S"

$_SERVER['REMOTE_ADDR'] does not get the expected value.
Instead you need to get it from $_SERVER['HTTP_X_FORWARDED_FOR']
This can be checked with phpinfo(). Please confirm your global IP address in advance.
I publish a minimal PHP project. The index.php is phpinfo():

when you look at $_SERVER['HTTP_X_FORWARDED_FOR'], you get the following value:,::ffff:,::ffff:

So you need to split it with , to get

  $ip = explode(",", $_SERVER['HTTP_X_FORWARDED_FOR']);
  echo "{$ip[0]}\n";

This will output the IP address. You may know such a service. I also publish this project.

So the source of @m4sugar is

$ip = explode(",", $_SERVER['HTTP_X_FORWARDED_FOR']);
$deny = array("111.111.111", "222.222.222", "333.333.333");
  header("location: http://www.google.com/");

You can do what you expect. Try it!

1 Like

Thank you so much! That worked!

But what about if they’re ok to visit the site? What do I add?

What do you mean?

I think Glitch should implement an IP ban feature, because even if your project bans certain IPs, it still gets through the Glitch reverse-proxy and counts towards your request quota. :confused:


Maybe you should make a post on #feature-ideas?


Using Cloudflare makes it really tricky to do IP bans. I would love if Glitch had a built in service for this.

That would be a neat idea, along with project comments which I have seen mentioned around the forum.

1 Like

Maybe I should implement IP bans on Glix?


yep, just add stuff that glitch wont/dont have time to add, lol


How do you plan on getting around cloudflare? There is a way in PHP but I have no idea in Express or any other languages.

There are drivers, pretty sure you need Apache for them to work.

@m4sugar There’s a Node.js package aswell

1 Like

Can you explain the concept or method how it is done using PHP? Might be able to figure out a way for Express…

1 Like

This is what I do on my website:



Can you explain what that piece of code does? :sweat_smile:

It checks is the server variable $_SERVER['HTTP_CF_CONNECTING_IP'] is set, if it is, it sets the $_SERVER['REMOTE_ADDR'] variable to $_SERVER['HTTP_CF_CONNECTING_IP'].

Thats what it looks like to me, correct me if I’m wrong.

1 Like