我有一个asp.net网站(不是mvc),我需要禁止一个人,如果他试图进入管理页面并且失败了几次。我怎样才能以编程方式实现有效?
我知道我可以禁用某人的IP,但他可以使用代理服务器或vpn。
仅供参考: 我想将我禁止的ips存储在sql-server数据库中。我知道如何做到这一点。
修改 此外,如果我禁止一个帐户,被禁止的人可能只是创建一个新帐户,所以无论是IP禁令还是帐户禁令都不是很好的解决方案。如果我错了,请纠正我,但帐户禁止或 ip禁令会奏效。
答案 0 :(得分:0)
You may add Windows Events to work to you.
Using the right script in Powershell you can check Windows Event Logs to get the wrong authentications and ban them through the Firewall rules. This kind of procedure works better when using MS-SQL, since SQL create its own "bad login" events.
I mean:
1- check event log to see if there are some status codes to indicate "wrong login" - it can be done via a Schedule, (for instance on every 5 minutes) calling a Powershell script to check the correct LOG files.
2- if there are some events, copy the IP and set it into Firewall rules (IN and OUT). For instance, put the detected IP in a BLOCK rule, at any TCP port.
3- I recommend log these IP's in a text file to see, at the final of some time (day, week) which IP's were banned. Clean them for a time basis (eg. one time per month).