stackoom
  简体   繁体   中英

Can I programmatically add an IP address to Dynamic IP Restrictions extension in IIS7 from my ASP.NET app?

 原文  2009-02-26 09:44:00       asp.net/ iis/ iis-7

Question

I'm creating a forums based site and want to block the members that post spam or abuse. I was thinking about using an HTTPModule to do this but I came across the Dynamic IP Restrictions extension to IIS7. I wonder if it's possible to add IPs dynamically from my app to the extension?

Also, if you have experience with that extension this will be great. I'm esp.interested to know whether it can affect performance in a high traffic website.

Thanks

2 answers

solution1
 4  2014-08-16 08:01:14

I was also interested in this.

At first I was using the UI in IIS7 to blacklist IP addresses.

在此处输入图像描述

I did take a look at the Rick Strahl link mentioned above but found a great resource here:

http://www.iis.net/configreference/system.webserver/security/ipsecurity/add

The code sample on that page shows you how to perform the action using C#. Here is the snip from that site

using System;
using System.Text;
using Microsoft.Web.Administration;

internal static class Sample
{
   private static void Main()
   {
      using (ServerManager serverManager = new ServerManager())
      {
         Configuration config = serverManager.GetApplicationHostConfiguration();
         ConfigurationSection ipSecuritySection = config.GetSection("system.webServer/security/ipSecurity", "Default Web Site");
         ConfigurationElementCollection ipSecurityCollection = ipSecuritySection.GetCollection();

         ConfigurationElement addElement = ipSecurityCollection.CreateElement("add");
         addElement["ipAddress"] = @"192.168.100.1";
         addElement["allowed"] = false;
         ipSecurityCollection.Add(addElement);

         ConfigurationElement addElement1 = ipSecurityCollection.CreateElement("add");
         addElement1["ipAddress"] = @"169.254.0.0";
         addElement1["subnetMask"] = @"255.255.0.0";
         addElement1["allowed"] = false;
         ipSecurityCollection.Add(addElement1);

         serverManager.CommitChanges();
      }
   }
}

To get the Microsoft.Web.Administration package, in visual studio goto Tools -> Nuget Package Manager -> Package Manager Console.

Then type:

Install-Package Microsoft.Web.Administration

Another way of performing the same task is to use the command line and the appcmd command.

The following command does the same thing:

appcmd.exe set config "Default Web Site/SSM" -section:system.webServer/security/ipSecurity /+"[ipAddress='192.168.100.1',allowed='False']" /commit:apphost

and could be called from code using:

string website = "Default Web Site/SSM";
string ipAddress = "192.168.100.1";
string allowDeny = "False";

string cmd = string.Format("%systemroot%\\system32\\inetsrv\\appcmd.exe set config \"{0}\" -section:system.webServer/security/ipSecurity /+\"[ipAddress='{1}',allowed='{2}']\" /commit:apphost", website, ipAddress, allowDeny);
Process.Start(cmd);

The above command works but it turns out if you call it from C# it complains saying "The system cannot find the file specified Exception". To get around that you have to supply an admin username/password.

Here is the function:

void BlacklistIP(string ipAddress)
{
    string website = "Default Web Site/SSM";
    string allowDeny = "False";
    string domain = "";

    string args = string.Format(" set config \"{0}\" -section:system.webServer/security/ipSecurity /+\"[ipAddress='{1}',allowed='{2}']\" /commit:apphost", website, ipAddress, allowDeny);

    System.Security.SecureString password = new System.Security.SecureString();
    password.AppendChar('y');
    password.AppendChar('o');
    password.AppendChar('u');
    password.AppendChar('r');
    password.AppendChar('p');
    password.AppendChar('a');
    password.AppendChar('s');
    password.AppendChar('s');
    password.AppendChar('w');
    password.AppendChar('o');
    password.AppendChar('r');
    password.AppendChar('d');

    Process.Start(@"C:\windows\System32\inetsrv\appcmd.exe", args, "Administrator", password, domain);
}

Et Voila!

solution2
 3  2009-03-02 07:30:01

It looks likes Rick Strahl has achieved this using the IIS API, please see link below:

http://www.west-wind.com/WebLog/posts/59731.aspx

Andrew

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question IIS7 or ASP.NET is returning an odd client IP Address IIS/ASP.NET MVC: Dynamic IP Address Restrictions on specific folder IP Address and Domain Restrictions in ASP.NET IIS7 Block request to asp.net app using external IP Why is my phone's IP address reported differently (depending on the site) and how can I programmatically obtain a consistent one in ASP.Net? IIS7 Programmatically get App Pool version in ASP.NET How do I assign a hostname to my ip address when publishing asp.net app to RDP server? Can I browse to my ASP.NET application on an Azure VM using an IP address? Why my own IP address has been blocked from accessing the site when I have added it as Allow entry in iis7 IIS -IP Address and Domain Restrictions for LoadBalanced app using Netscaler
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM