An asp.net Website access IP address filtering method based on custom code !, Asp. netip
For information security purposes, you may need to restrict the IP addresses for external access to some enterprise's core systems, especially when accessing the Internet, although IIS also provides restrictions or permits based on the IP address or IP address segment, it does not provide restrictions or permits based on the city where the IP address is located. This article mainly extends the IHttpModule interface through custom extensions. Considering the performance, the IP database mainly adopts the QQwry pure IP database (but this database is not official. I have compared it with the ip138 website before, the accuracy of the IP address information is about 90%), which can be restricted or allowed Based on the IP address or IP address segment (the same as that of IIS ), in addition, you can restrict or permit IP addresses Based on the city where they are located. The core code of the WebsiteFilter component is as follows:
Using System; using System. collections. generic; using System. text; using System. web; using System. xml; using System. IO; using System. net; using metadata; namespace NetOpen_System.Component {public sealed class WebsiteFilterHttpModule: IHttpModule {# region IHttpModule member public void Dispose () {} public void Init (HttpApplication context) {context. beginRequest + = new EventHandler (con Text_BeginRequest) ;}# endregion void context_BeginRequest (object sender, EventArgs e) {try {// HttpApplication objApp = (HttpApplication) sender; if (HttpContext. current. request. isLocal) // ignore the Local Computer request return; string ip = HttpContext. current. request. userHostAddress; QQWryLocator qqWry = new QQWryLocator (HttpContext. current. server. mapPath (@"~ \ IpData \ qqwry. dat "); IPLocation ipaddress = qqWry. query (ip); // Query an ip address UrlMatchEngine pu = WebsiteFilterConfiguration. getConfig (). pickedUrls; if (string. isNullOrEmpty (pu. citySiteList) = false) {if (pu. citySiteList. contains (ipaddress. country) = false) {if (! WebsiteFilterConfiguration. getConfig (). ipChecks. getIpIn (ip) {// If the visitor's IP address cannot be found in the ip address list // string rawUrl = HttpContext. current. request. rawUrl; // UrlMatchEngine pu = WebsiteFilterConfiguration. getConfig (). pickedUrls; // The list contains the current url and the list is blacklisted. The list does not contain the current url and the list is not blacklisted, when the value of "configuration result" is the same as that of "blacklist or not", you need to switch to // if (pu. isMatch (rawUrl) = pu. isBlacklist) // {// automatic redirection of Non-public URLs // HttpContext. current. response. redirect (pu. errorPage ); //} HttpContext. current. response. redirect (pu. errorPage, true); // HttpContext. current. server. transfer (pu. errorPage) ;}else {return ;}} else {if (! WebsiteFilterConfiguration. getConfig (). ipChecks. getIpIn (ip) {// If the visitor's IP address cannot be found in the ip address list // string rawUrl = HttpContext. current. request. rawUrl; // UrlMatchEngine pu = WebsiteFilterConfiguration. getConfig (). pickedUrls; // The list contains the current url and the list is blacklisted. The list does not contain the current url and the list is not blacklisted, when the value of "configuration result" is the same as that of "blacklist or not", you need to switch to // if (pu. isMatch (rawUrl) = pu. isBlacklist) // {// automatic redirection of Non-public URLs // HttpContext. current. response. redirect (pu. errorPage); //} HttpContext. current. response. redirect (pu. errorPage, true); // HttpContext. current. server. transfer (pu. errorPage) ;}else {return ;}} catch {}}}}
In terms of deployment, it is very simple to use the IHttpModule interface and. add the configuration of this component to the HttpModule node in config. You can set access restrictions or allowed parameters in NetOpen_SystemWebsiteFilter.cfg.xml. The following is a simple configuration example;
<? Xml version = "1.0" encoding = "UTF-8"?> <NetOpen_System> <WebsiteFilter> <PickedUrl IsBlacklist = "0" ErrorPage = "~ /Sorry.htm "CitySiteList =" Ningbo City, Zhejiang Province "> <add pattern =" ^ ~ /Default. aspx "/> </PickedUrl> <PickedIP> <add ip1 =" 192.168.10.1 "ip2 =" 192.168.10.5 "/> <remove ip1 =" 192.168.10.2 "ip2 =" 192.168.10.4 "/> <add ip1 = "192.168.10.3"/> </PickedIP> </WebsiteFilter> </NetOpen_System>
Source code of this component: https://websitefilter.codeplex.com/. welcome to download it! Although the implementation of this component is not complex and the principle is simple, it is more practical. In the future, real-time queries will be performed based on the IP138 website, so that the IP address information will be more accurate, however, it may have some impact on performance.
This blog is original in software life. You are welcome to repost it. For details, refer to http://www.cnblogs.com/nbpowerboy/p/4240134.html. Assume or use it for commercial purposes, but you must keep the signed software life (including links) in this article ). If you have any questions or authorization negotiation, please leave a message for me.SharePoint Business Intelligence Technology QQ group: 140668362,. Net technology exchange QQ group: 195516928, welcome to join the exchange. |