I'm sure this has been done before, but it was faster to write it than to google for it. There's some IP Addresses that have been bothering me and I don't have access to a firewall or IIS at my ISP, so...
I can upload a text file called blockedips.txt to my site and the changes happen immediately.
9 namespace YourModuleNameHere
10 {
11 public class IPBlackList : IHttpModule
12 {
13 private EventHandler onBeginRequest;
14
15 public IPBlackList()
16 {
17 onBeginRequest = new EventHandler(this.HandleBeginRequest);
18 }
19
20 void IHttpModule.Dispose()
21 {
22 }
23
24 void IHttpModule.Init(HttpApplication context)
25 {
26 context.BeginRequest += onBeginRequest;
27 }
28
29 const string BLOCKEDIPSKEY = "blockedips";
30 const string BLOCKEDIPSFILE = "SiteConfig/blockedips.config";
31
32 public static StringDictionary GetBlockedIPs(HttpContext context)
33 {
34 StringDictionary ips = (StringDictionary)context.Cache[BLOCKEDIPSKEY ];
35 if (ips == null)
36 {
37 ips = GetBlockedIPs(GetBlockedIPsFilePathFromCurrentContext(context));
38 context.Cache.Insert(BLOCKEDIPSKEY , ips, new CacheDependency(GetBlockedIPsFilePathFromCurrentContext(context)));
39 }
40 return ips;
41 }
42
43 private static string BlockedIPFileName = null;
44 private static object blockedIPFileNameObject = new object();
45 public static string GetBlockedIPsFilePathFromCurrentContext(HttpContext context)
46 {
47 if (BlockedIPFileName != null)
48 return BlockedIPFileName;
49 lock(blockedIPFileNameObject)
50 {
51 if (BlockedIPFileName == null)
52 {
53 BlockedIPFileName = context.Server.MapPath(BLOCKEDIPSFILE);
54 }
55 }
56 return BlockedIPFileName;
57 }
58
59 public static StringDictionary GetBlockedIPs(string configPath)
60 {
61 StringDictionary retval = new StringDictionary();
62 using (StreamReader sr = new StreamReader(configPath))
63 {
64 String line;
65 while ((line = sr.ReadLine()) != null)
66 {
67 line = line.Trim();
68 if (line.Length != 0)
69 {
70 retval.Add(line, null);
71 }
72 }
73 }
74 return retval;
75 }
76
77 private void HandleBeginRequest( object sender, EventArgs evargs )
78 {
79 HttpApplication app = sender as HttpApplication;
80
81 if ( app != null )
82 {
83 string IPAddr = app.Context.Request.ServerVariables["REMOTE_ADDR"];
84 if (IPAddr == null || IPAddr.Length == 0)
85 {
86 return;
87 }
88
89 StringDictionary badIPs = GetBlockedIPs(app.Context);
90 if (badIPs != null && badIPs.ContainsKey(IPAddr))
91 {
92 app.Context.Response.StatusCode = 404;
93 app.Context.Response.SuppressContent = true;
94 app.Context.Response.End();
95 return;
96 }
97 }
98 }
99 }
100 }
10 {
11 public class IPBlackList : IHttpModule
12 {
13 private EventHandler onBeginRequest;
14
15 public IPBlackList()
16 {
17 onBeginRequest = new EventHandler(this.HandleBeginRequest);
18 }
19
20 void IHttpModule.Dispose()
21 {
22 }
23
24 void IHttpModule.Init(HttpApplication context)
25 {
26 context.BeginRequest += onBeginRequest;
27 }
28
29 const string BLOCKEDIPSKEY = "blockedips";
30 const string BLOCKEDIPSFILE = "SiteConfig/blockedips.config";
31
32 public static StringDictionary GetBlockedIPs(HttpContext context)
33 {
34 StringDictionary ips = (StringDictionary)context.Cache[BLOCKEDIPSKEY ];
35 if (ips == null)
36 {
37 ips = GetBlockedIPs(GetBlockedIPsFilePathFromCurrentContext(context));
38 context.Cache.Insert(BLOCKEDIPSKEY , ips, new CacheDependency(GetBlockedIPsFilePathFromCurrentContext(context)));
39 }
40 return ips;
41 }
42
43 private static string BlockedIPFileName = null;
44 private static object blockedIPFileNameObject = new object();
45 public static string GetBlockedIPsFilePathFromCurrentContext(HttpContext context)
46 {
47 if (BlockedIPFileName != null)
48 return BlockedIPFileName;
49 lock(blockedIPFileNameObject)
50 {
51 if (BlockedIPFileName == null)
52 {
53 BlockedIPFileName = context.Server.MapPath(BLOCKEDIPSFILE);
54 }
55 }
56 return BlockedIPFileName;
57 }
58
59 public static StringDictionary GetBlockedIPs(string configPath)
60 {
61 StringDictionary retval = new StringDictionary();
62 using (StreamReader sr = new StreamReader(configPath))
63 {
64 String line;
65 while ((line = sr.ReadLine()) != null)
66 {
67 line = line.Trim();
68 if (line.Length != 0)
69 {
70 retval.Add(line, null);
71 }
72 }
73 }
74 return retval;
75 }
76
77 private void HandleBeginRequest( object sender, EventArgs evargs )
78 {
79 HttpApplication app = sender as HttpApplication;
80
81 if ( app != null )
82 {
83 string IPAddr = app.Context.Request.ServerVariables["REMOTE_ADDR"];
84 if (IPAddr == null || IPAddr.Length == 0)
85 {
86 return;
87 }
88
89 StringDictionary badIPs = GetBlockedIPs(app.Context);
90 if (badIPs != null && badIPs.ContainsKey(IPAddr))
91 {
92 app.Context.Response.StatusCode = 404;
93 app.Context.Response.SuppressContent = true;
94 app.Context.Response.End();
95 return;
96 }
97 }
98 }
99 }
100 }
And in your web.config:
42 <system.web>
43 <httpModules>
44 <add type="YourModuleNameHere.IPBlackList, YourAssemblyNameHere"
45 name="IPBlackList" />
46 </httpModules>
47 </system.web>
43 <httpModules>
44 <add type="YourModuleNameHere.IPBlackList, YourAssemblyNameHere"
45 name="IPBlackList" />
46 </httpModules>
47 </system.web>
using System;
using System.Collections.Generic;
using System.Text;
using System.Web;
using System.Web.SessionState;
namespace StateWall
{
public class StateShield : IHttpModule
{
public void Init(HttpApplication ctx)
{
ctx.PreRequestHandlerExecute += new EventHandler(RunSessionRules);
}
public void Dispose(){}
private void RunSessionRules(object sender, EventArgs e)
{
HttpContext ctx = HttpContext.Current;
HttpSessionState session = ctx.Session;
if (ctx.Request.Url.LocalPath == "/logout.aspx")
{
session.RemoveAll();
ctx.Response.Write("All session variables are flushed out!");
ctx.Response.End();
}
if (ctx.Request.Url.LocalPath != "/login.aspx")
{
int flag = 0;
foreach (string key in session.Keys)
{
if (key.ToString() == "login")
{
if (session[key].ToString() == "successful")
{
flag = 1;
}
}
}
if (flag == 0)
{
ctx.Response.Write("Unauthorized access without session.");
ctx.Response.End();
}
}
}
}
}
using System.Collections.Generic;
using System.Text;
using System.Web;
using System.Web.SessionState;
namespace StateWall
{
public class StateShield : IHttpModule
{
public void Init(HttpApplication ctx)
{
ctx.PreRequestHandlerExecute += new EventHandler(RunSessionRules);
}
public void Dispose(){}
private void RunSessionRules(object sender, EventArgs e)
{
HttpContext ctx = HttpContext.Current;
HttpSessionState session = ctx.Session;
if (ctx.Request.Url.LocalPath == "/logout.aspx")
{
session.RemoveAll();
ctx.Response.Write("All session variables are flushed out!");
ctx.Response.End();
}
if (ctx.Request.Url.LocalPath != "/login.aspx")
{
int flag = 0;
foreach (string key in session.Keys)
{
if (key.ToString() == "login")
{
if (session[key].ToString() == "successful")
{
flag = 1;
}
}
}
if (flag == 0)
{
ctx.Response.Write("Unauthorized access without session.");
ctx.Response.End();
}
}
}
}
}