A custom code-based Web site access IP Filtering Method!

for some enterprise internal core system, especially when the external network access, for information security, may need to restrict the IP address of external access, although IIS also provided by the IP address or IP address segment to restrict or allow, but did not provide based on the IP address of the city to restrict or allow. This article mainly through the custom extension IHttpModule interface, considering the performance IP database mainly uses Qqwry pure IP database (but this database is not official, I previously compared with the ip138 website, IP address information accuracy about 90%), The primary implementation can be restricted or allowed by IP address or IP address segment (same as IIS), and can be restricted or allowed based on the city where the IP address is located. The core code of the Websitefilter component is as follows:

usingSystem;usingSystem.Collections.Generic;usingSystem.Text;usingsystem.web;usingSystem.Xml;usingSystem.IO;usingSystem.Net;usingNetOpen_System.Component.QQWry;namespacenetopen_system.component{ Public Sealed classWebsitefilterhttpmodule:ihttpmodule {#regionIHttpModule Members Public voidDispose () {} Public voidInit (HttpApplication context) {context. BeginRequest+=NewEventHandler (context_beginrequest); }        #endregion        voidContext_beginrequest (Objectsender, EventArgs e) {            Try            {                //HttpApplication objapp = (HttpApplication) sender;                if(HttpContext.Current.Request.IsLocal)//ignore Local Machine requests                    return; stringIP =HttpContext.Current.Request.UserHostAddress; Qqwrylocator Qqwry=NewQqwrylocator (HttpContext.Current.Server.MapPath (@"~\ipdata\qqwry.dat")); Iplocation IPAddress= Qqwry.query (IP);//querying an IP addressUrlmatchengine PU=Websitefilterconfiguration.getconfig ().                Pickedurls; if(string. IsNullOrEmpty (PU. citysitelist) = =false)                {                    if(PU. Citysitelist.contains (IPAddress. Country) = =false)                    {                        if(!Websitefilterconfiguration.getconfig (). Ipchecks.getipin (IP)) {//If you don't see your guest IP in the IP list//string rawUrl = HttpContext.Current.Request.RawUrl; //urlmatchengine pu = websitefilterconfiguration.getconfig (). Pickedurls;                            ////list contains the current URL and the list is blacklisted, the list does not contain the current URL and the list is not blacklisted when you need to turn////In other words, "equipped with results" and "whether the blacklist" value in accordance with the need to turn                            //if (PU. IsMatch (RAWURL) = = pu. Isblacklist)//{   //non-public URL automatic redirection//HttpContext.Current.Response.Redirect (PU.                            ErrorPage); //}HttpContext.Current.Response.Redirect (PU. ErrorPage,true); //HttpContext.Current.Server.Transfer (PU. ErrorPage);                        }                        Else                        {                            return; }                    }                    Else                    {                        return; }                }                Else                {                    if(!Websitefilterconfiguration.getconfig (). Ipchecks.getipin (IP)) {//If you don't see your guest IP in the IP list//string rawUrl = HttpContext.Current.Request.RawUrl; //urlmatchengine pu = websitefilterconfiguration.getconfig (). Pickedurls;                        ////list contains the current URL and the list is blacklisted, the list does not contain the current URL and the list is not blacklisted when you need to turn////In other words, "equipped with results" and "whether the blacklist" value in accordance with the need to turn                        //if (PU. IsMatch (RAWURL) = = pu. Isblacklist)//{   //non-public URL automatic redirection//HttpContext.Current.Response.Redirect (PU.                        ErrorPage); //}HttpContext.Current.Response.Redirect (PU. ErrorPage,true); //HttpContext.Current.Server.Transfer (PU. ErrorPage);                    }                    Else                    {                        return; }                }            }            Catch            {            }        }    }}

in terms of deployment, it is very simple to use the IHttpModule interface and add the configuration of this component to the HttpModule node in Web. config, access restrictions or allow parameters can be netopen_ SystemWebsiteFilter.cfg.xml is set up, here is a simple configuration example;

<?XML version= "1.0" encoding= "Utf-8"?><Netopen_system>  <Websitefilter>    <Pickedurlisblacklist= "0"ErrorPage= "~/sorry.htm"citysitelist= "Ningbo, Zhejiang Province, Hangzhou, Zhejiang, China">      <Addpattern= "^~/default.aspx"/>    </Pickedurl>    <Pickedip>      <Addip1= "192.168.10.1"IP2= "192.168.10.5" />      <Removeip1= "192.168.10.2"IP2= "192.168.10.4" />      <Addip1= "192.168.10.3" />    </Pickedip>  </Websitefilter></Netopen_system>

the component source code: https://websitefilter.codeplex.com/, Welcome to visit the download! Although the implementation of this component is not complex, the principle is very simple, but more practical, the subsequent will be increased according to IP138 website real-time query, so that the IP address information will be more accurate, but performance may have some impact.

This blog for the Software Life original, welcome reprint, reprint please indicate source: http://www.cnblogs.com/nbpowerboy/p/3160134.html. Deductive or for commercial purposes, but must retain the attribution software of this article life (including links). If you have any questions or authorization to negotiate, please leave me a message. SharePoint Business Intelligence Technology QQ Group: 140668362,. NET Technology Exchange QQ Group: 195516928, Welcome to join the Exchange .

A custom code-based Web site access IP Filtering Method!