0

Is it possible to set my entaire web application available only from given ip address ? Can I use global.asax or something to place the code only in one place and be able to remove this freely ?

Thanks for any hints

gruber
  • 28,739
  • 35
  • 124
  • 216
  • You want site access throught only one IP ? – Saurabh Jun 02 '11 at 10:11
  • yes for a test purpose only, if ip is different then redirect to another site. I cant publich site on porduction yet but I want to test environment – gruber Jun 02 '11 at 10:15

5 Answers5

2

Best solution for me is to filter IPs in IIS.
I've done it and it works properly ... and you do not have to change a single line of code.

If you do not have access to IIS, then you can follow Scott Hanselman's suggestion and create a custom HttpModule:

namespace YourModuleNameHere
{
    public class IPBlackList : IHttpModule
    {
        private EventHandler onBeginRequest;

        public IPBlackList()
        {
            onBeginRequest = new EventHandler(this.HandleBeginRequest);
        }

        void IHttpModule.Dispose()
        {
        }

        void IHttpModule.Init(HttpApplication context)
        {
            context.BeginRequest += onBeginRequest;
        }

        const string BLOCKEDIPSKEY = "blockedips";
        const string BLOCKEDIPSFILE = "SiteConfig/blockedips.config";

        public static StringDictionary GetBlockedIPs(HttpContext context)
        {
            StringDictionary ips = (StringDictionary)context.Cache[BLOCKEDIPSKEY];
            if (ips == null)
            {
                ips = GetBlockedIPs(GetBlockedIPsFilePathFromCurrentContext(context));
                context.Cache.Insert(BLOCKEDIPSKEY, ips, new CacheDependency(GetBlockedIPsFilePathFromCurrentContext(context)));
            }
            return ips;
        }

        private static string BlockedIPFileName = null;
        private static object blockedIPFileNameObject = new object();
        public static string GetBlockedIPsFilePathFromCurrentContext(HttpContext context)
        {
            if (BlockedIPFileName != null)
                return BlockedIPFileName;
            lock (blockedIPFileNameObject)
            {
                if (BlockedIPFileName == null)
                {
                    BlockedIPFileName = context.Server.MapPath(BLOCKEDIPSFILE);
                }
            }
            return BlockedIPFileName;
        }

        public static StringDictionary GetBlockedIPs(string configPath)
        {
            StringDictionary retval = new StringDictionary();
            using (StreamReader sr = new StreamReader(configPath))
            {
                String line;
                while ((line = sr.ReadLine()) != null)
                {
                    line = line.Trim();
                    if (line.Length != 0)
                    {
                        retval.Add(line, null);
                    }
                }
            }
            return retval;
        }

        private void HandleBeginRequest(object sender, EventArgs evargs)
        {
            HttpApplication app = sender as HttpApplication;

            if (app != null)
            {
                string IPAddr = app.Context.Request.ServerVariables["REMOTE_ADDR"];
                if (IPAddr == null || IPAddr.Length == 0)
                {
                    return;
                }

                StringDictionary badIPs = GetBlockedIPs(app.Context);
                if (badIPs != null && badIPs.ContainsKey(IPAddr))
                {
                    app.Context.Response.StatusCode = 404;
                    app.Context.Response.SuppressContent = true;
                    app.Context.Response.End();
                    return;
                }
            }
        }
    }
}

and use it in your web.config:

<system.web>
    <httpModules>
        <add type = "YourModuleNameHere.IPBlackList, YourAssemblyNameHere" name="IPBlackList" />
   </httpModules>
</system.web>
LeftyX
  • 35,328
  • 21
  • 132
  • 193
0

Yes it is possible. You can get the system IP address from where it is accessed and can block.

Request.Params["REMOTE_ADDR"]

You can see this link for details

Best way to restrict access by IP address?

Community
  • 1
  • 1
AjayR
  • 4,169
  • 4
  • 44
  • 78
0

If you do not have access to iis, or you need to control it from asp.net, you can check on BeginRequest the REMOTE_HOST or the REMOTE_ADDR

protected void Application_BeginRequest(Object sender, EventArgs e)
{
    HttpApplication app = (HttpApplication)sender;

    if(app.Request.ServerVariables["REMOTE_ADDR"] != "1.1.1.1")
    {
        HttpContext.Current.Response.End();
        return
    }
}

but you must think also about Ip spoofing

Ps:REMOTE_HOST and REMOTE_ADDR return to me always the IP only, probably because iis need some extra setup for get the address on the host parametre

Aristos
  • 66,005
  • 16
  • 114
  • 150
0

you could create a HTTP Module for that and than register it inside web.config in case if you do not have access to your IIS.

HttpModule structure should look like as below;

namespace MyApp {

    public class MyModule : IHttpModule {

        public void Init(HttpApplication context) {

        }

        public void Dispose() { 

        }

    }
}

after you implement your logic inside Init event, you need to register the module inside web.config file in order to execute it on every request;

<configuration>
   <system.web>
      <httpModules>
         <add name="MyModule" type="MyApp.MyModule, MyApp" />
      </httpModules>
   </system.web>
</configuration>

If you are on integrated mode of IIS 7 or 7.5, this registration should be done inside <system.webServer> tag of web.config

tugberk
  • 57,477
  • 67
  • 243
  • 335
0
  protected void Application_BeginRequest(object sender, EventArgs e)
    {
        string ip = Request.Params["REMOTE_ADDR"].ToString();
        if (ip == "your-ip")
        {
            // no action
        }
        else
        {
            Response.Redirect("url");  
        }
    }
Saurabh
  • 5,661
  • 2
  • 26
  • 32