An IP Address Blocking HttpModule for ASP.NET in 9 minutes
namespace YourModuleNameHere
10 {
11 public class IPBlackList : IHttpModule
12 {
13 private EventHandler onBeginRequest;
14
15 public IPBlackList()
16 {
17 onBeginRequest = new EventHandler(this.HandleBeginRequest);
18 }
19
20 void IHttpModule.Dispose()
21 {
22 }
23
24 void IHttpModule.Init(HttpApplication context)
25 {
26 context.BeginRequest += onBeginRequest;
27 }
28
29 const string BLOCKEDIPSKEY = "blockedips";
30 const string BLOCKEDIPSFILE = "SiteConfig/blockedips.config";
31
32 public static StringDictionary GetBlockedIPs(HttpContext context)
33 {
34 StringDictionary ips = (StringDictionary)context.Cache[BLOCKEDIPSKEY ];
35 if (ips == null)
36 {
37 ips = GetBlockedIPs(GetBlockedIPsFilePathFromCurrentContext(context));
38 context.Cache.Insert(BLOCKEDIPSKEY , ips, new CacheDependency(GetBlockedIPsFilePathFromCurrentContext(context)));
39 }
40 return ips;
41 }
42
43 private static string BlockedIPFileName = null;
44 private static object blockedIPFileNameObject = new object();
45 public static string GetBlockedIPsFilePathFromCurrentContext(HttpContext context)
46 {
47 if (BlockedIPFileName != null)
48 return BlockedIPFileName;
49 lock(blockedIPFileNameObject)
50 {
51 if (BlockedIPFileName == null)
52 {
53 BlockedIPFileName = context.Server.MapPath(BLOCKEDIPSFILE);
54 }
55 }
56 return BlockedIPFileName;
57 }
58
59 public static StringDictionary GetBlockedIPs(string configPath)
60 {
61 StringDictionary retval = new StringDictionary();
62 using (StreamReader sr = new StreamReader(configPath))
63 {
64 String line;
65 while ((line = sr.ReadLine()) != null)
66 {
67 line = line.Trim();
68 if (line.Length != 0)
69 {
70 retval.Add(line, null);
71 }
72 }
73 }
74 return retval;
75 }
76
77 private void HandleBeginRequest( object sender, EventArgs evargs )
78 {
79 HttpApplication app = sender as HttpApplication;
80
81 if ( app != null )
82 {
83 string IPAddr = app.Context.Request.ServerVariables["REMOTE_ADDR"];
84 if (IPAddr == null || IPAddr.Length == 0)
85 {
86 return;
87 }
88
89 StringDictionary badIPs = GetBlockedIPs(app.Context);
90 if (badIPs != null && badIPs.ContainsKey(IPAddr))
91 {
92 app.Context.Response.StatusCode = 404;
93 app.Context.Response.SuppressContent = true;
94 app.Context.Response.End();
95 return;
96 }
97 }
98 }
99 }
100 }
And in your web.config:
42 <system.web>
43 <httpModules>
44 <add type="YourModuleNameHere.IPBlackList, YourAssemblyNameHere"
45 name="IPBlackList" />
46 </httpModules>
47 </system.web>
No warrenty, express or implied. If it sucks or has bugs/security holes, let me know as it's 9 minutes work.