Question

我接管了一个运行旧版社区服务器的域名。毋庸置疑，机器人正试图发现漏洞。

我想在System.Web.HttpRequest.ValidateInputIfRequiredByConfig()被触发之前阻止整个IP块。我有一个IHttpModule我尝试过，但我认为它之后被调用，因为HealthMonitoring正在捕获例外。这是模块：

 public class IpBlockerModule : IHttpModule
{
    private static readonly string[] Hacks = new[]
                                                 {
                                                     "60.169.73.",
                                                     "60.169.75.",
                                                     "61.160.232.",
                                                     "61.160.207.",
                                                     "92.85.161."
                                                 };

    public void Dispose()
    {

    }

    public void Init(HttpApplication context)
    {
        context.BeginRequest += (Application_BeginRequest);
    }

    private void Application_BeginRequest(object source, EventArgs e)
    {
        var context = ((HttpApplication) source).Context;
        var ipAddress = context.Request.UserHostAddress;

        if (!IsHackIpAddress(ipAddress))
        {
            context.Response.StatusCode = 403; // (Forbidden)
        }
    }

    private static bool IsHackIpAddress(string ip)
    {
        if (ip == null) return true;

        return Hacks.Any(x => x.StartsWith(ip));
    }
}

相关的web.config部分：

<system.web>
    <httpModules>
      <add name="IpBlockerModule" type="MyNameSpace.IpBlockerModule" />
    </httpModules>    
</system.web>

<system.webServer>
    <validation validateIntegratedModeConfiguration="false" />
    <modules runAllManagedModulesForAllRequests="true" >
      <add name="IpBlockerModule" type="MyNameSpace.IpBlockerModule" preCondition="" />
    </modules>   
</system.webServer>

这背后的原因是我的收件箱从所有

收到垃圾邮件

A potentially dangerous Request.Path value was detected from the
client

和

 A potentially dangerous Request.Form value was detected from the client

通知。我的模块出了什么问题，或者我认为模块在事后才被解雇是正确的吗？

Answer 1

作为替代解决方案，您是否考虑过让IIS为您完成工作？这样，请求永远不会进入您的应用程序。您可以通过web.config执行此操作，并且有一篇详细介绍该过程的文章located here.以下示例直接从该文章中复制，并放置在您的web.config的<system.webServer>部分中：

<security>
    <ipSecurity allowUnlisted="true">    <!-- this line allows everybody, except those listed below -->            
       <clear/>     <!-- removes all upstream restrictions -->                
       <add ipAddress="83.116.19.53"/>     <!-- blocks the specific IP of 83.116.19.53  -->                
       <add ipAddress="83.116.119.0" subnetMask="255.255.255.0"/>     <!--blocks network 83.116.119.0 to 83.116.119.255-->                
       <add ipAddress="83.116.0.0" subnetMask="255.255.0.0"/>     <!--blocks network 83.116.0.0 to 83.116.255.255-->                
       <add ipAddress="83.0.0.0" subnetMask="255.0.0.0"/>     <!--blocks entire /8 network of 83.0.0.0 to 83.255.255.255-->                
   </ipSecurity>
</security>

Answer 2

您还可以添加获取和记录IP地址的功能，以便仅识别和阻止垃圾邮件。

这里是C＃代码以获取IP地址

use strict;
use warnings;

Loop: print "\nChecking Equality\n";
print "Enter number for variable a\n";
my $a = <stdin>;
print "Enter number for variable b\n";
my $b = <stdin>;
if ( $a == $b ) {
    print 'a and b are equal';
    print "\n\n";
}
else {
    print 'a and b are not equal';
}
print "\n\n";
print "do you want to check more? Enter y/n\n";

chomp(my $c = <stdin>);

if ( $c eq "y" ) {
    goto Loop;
}
else {
    print "Exiting\n";
}

我注意到上面答案中的链接已消失，因此请使用这篇详细的文章here

在HttpModule中阻止IP地址

2 个答案: