⚠️ Status: untested. This extension is provided as-is and has not been tested in production. Please feel free to fork, modify, improve, and open pull requests.Licensed under GNU GPLv3 (see LICENSE).
Screens storefront visitors through the ip-block.com service and blocks disallowed IP addresses. Built as a native CE Phoenix site-wide hook, so no core files are edited.
- Platform: osCommerce Community Edition (CE Phoenix)
- Tested against: CE Phoenix v1.0.7.18 (osCommerce 2.x / Phoenix hooks system)
- No core-file changes — everything lives under
includes/.
CE Phoenix is the actively maintained continuation of the osCommerce 2.x line and provides the
includes/hooks/shop/…hooks system referenced here. The separate osCommerce v4 (Symfony rewrite) uses a different extension model and is not the target of this package.
CE Phoenix runs the hook group system, action startApplication, as the
very first thing in includes/application_top.php — right after the database
connects and before sessions or any output. That is the earliest possible point
of a storefront request, so screening happens before anything else.
Admin pages use admin/includes/application_top.php and never fire this hook, so
the operator can never be locked out of the administration area. The IP
whitelist is always honoured and skips the API call entirely.
catalog/includes/classes/ip_block.php # Client + Checker (screening logic)
catalog/includes/hooks/shop/system/IpBlock.php # early "startApplication" hook guard
install/ip_block_install.sql # configuration group + settings
- Copy the contents of
catalog/into your shop's catalog directory (so the two files land inincludes/classes/andincludes/hooks/shop/system/). - Import
install/ip_block_install.sql(phpMyAdmin or the admin Database tool). - In Admin → Configuration → IP Block, set Enable IP Block to
true, enter your Site ID and API Key, and adjust the other options.
Alternative to the hook: if you prefer, you can instead add
require 'includes/classes/ip_block.php'; ip_block::guard(); near the top of
includes/application_top.php. The hook approach above is recommended.
| Setting | Key | Default |
|---|---|---|
| Enable IP Block | IPBLOCK_ENABLED |
false |
| Site ID | IPBLOCK_SITE_ID |
(empty) |
| API Key | IPBLOCK_API_KEY |
(empty) |
| API URL | IPBLOCK_API_URL |
https://api.ip-block.com/v1/check |
| Fail Open | IPBLOCK_FAIL_OPEN |
true (allow on error) |
| Cache TTL (seconds) | IPBLOCK_CACHE_TTL |
300 (0 = every request) |
| Behind Proxy | IPBLOCK_BEHIND_PROXY |
false |
| Block Action | IPBLOCK_BLOCK_ACTION |
redirect (or message) |
| Block Message | IPBLOCK_BLOCK_MESSAGE |
Access denied. |
| IP Whitelist | IPBLOCK_WHITELIST |
(empty; one IP per line) |
POST https://api.ip-block.com/v1/check with header Content-Type: application/json
and body:
{"api_key":"…","site_id":"…","ip":"…","user_agent":"…","referrer":"…"}Response {"action":"allow"} or {"action":"block"}. The visitor is blocked
only when action === "block". Timeout is 1 second; on any
error/timeout/non-2xx/missing action the configured fail mode applies (default:
fail open = allow). Decisions are cached by md5(ip|user_agent|referrer).