是否可以仅从给定的IP地址设置我的entaire Web应用程序?我可以使用global.asax或其他东西将代码放在一个地方并且能够自由地删除它吗?
感谢任何提示
答案 0 :(得分:2)
对我来说,最好的解决方案是在IIS中过滤IP 我已经完成了它并且它正常工作......而且你不需要改变一行代码。
如果您无法访问IIS,则可以关注Scott Hanselman的suggestion并创建自定义HttpModule:
namespace YourModuleNameHere
{
public class IPBlackList : IHttpModule
{
private EventHandler onBeginRequest;
public IPBlackList()
{
onBeginRequest = new EventHandler(this.HandleBeginRequest);
}
void IHttpModule.Dispose()
{
}
void IHttpModule.Init(HttpApplication context)
{
context.BeginRequest += onBeginRequest;
}
const string BLOCKEDIPSKEY = "blockedips";
const string BLOCKEDIPSFILE = "SiteConfig/blockedips.config";
public static StringDictionary GetBlockedIPs(HttpContext context)
{
StringDictionary ips = (StringDictionary)context.Cache[BLOCKEDIPSKEY];
if (ips == null)
{
ips = GetBlockedIPs(GetBlockedIPsFilePathFromCurrentContext(context));
context.Cache.Insert(BLOCKEDIPSKEY, ips, new CacheDependency(GetBlockedIPsFilePathFromCurrentContext(context)));
}
return ips;
}
private static string BlockedIPFileName = null;
private static object blockedIPFileNameObject = new object();
public static string GetBlockedIPsFilePathFromCurrentContext(HttpContext context)
{
if (BlockedIPFileName != null)
return BlockedIPFileName;
lock (blockedIPFileNameObject)
{
if (BlockedIPFileName == null)
{
BlockedIPFileName = context.Server.MapPath(BLOCKEDIPSFILE);
}
}
return BlockedIPFileName;
}
public static StringDictionary GetBlockedIPs(string configPath)
{
StringDictionary retval = new StringDictionary();
using (StreamReader sr = new StreamReader(configPath))
{
String line;
while ((line = sr.ReadLine()) != null)
{
line = line.Trim();
if (line.Length != 0)
{
retval.Add(line, null);
}
}
}
return retval;
}
private void HandleBeginRequest(object sender, EventArgs evargs)
{
HttpApplication app = sender as HttpApplication;
if (app != null)
{
string IPAddr = app.Context.Request.ServerVariables["REMOTE_ADDR"];
if (IPAddr == null || IPAddr.Length == 0)
{
return;
}
StringDictionary badIPs = GetBlockedIPs(app.Context);
if (badIPs != null && badIPs.ContainsKey(IPAddr))
{
app.Context.Response.StatusCode = 404;
app.Context.Response.SuppressContent = true;
app.Context.Response.End();
return;
}
}
}
}
}
并在web.config:
<system.web>
<httpModules>
<add type = "YourModuleNameHere.IPBlackList, YourAssemblyNameHere" name="IPBlackList" />
</httpModules>
</system.web>
答案 1 :(得分:0)
是的,这是可能的。您可以从访问它的位置获取系统IP地址并阻止它。
Request.Params [ “REMOTE_ADDR”]
您可以看到此链接了解详情
答案 2 :(得分:0)
如果您无法访问iis,或者您需要从asp.net控制它,您可以查看BeginRequest REMOTE_HOST或REMOTE_ADDR
protected void Application_BeginRequest(Object sender, EventArgs e)
{
HttpApplication app = (HttpApplication)sender;
if(app.Request.ServerVariables["REMOTE_ADDR"] != "1.1.1.1")
{
HttpContext.Current.Response.End();
return
}
}
但你也必须考虑Ip spoofing
Ps: REMOTE_HOST 和 REMOTE_ADDR 仅返回IP,可能是因为我需要一些额外的设置来获取主机参数上的地址
答案 3 :(得分:0)
您可以为此创建一个HTTP模块,然后在web.config中注册它,以防您无法访问IIS。
HttpModule结构应如下所示;
namespace MyApp {
public class MyModule : IHttpModule {
public void Init(HttpApplication context) {
}
public void Dispose() {
}
}
}
在Init事件中实现逻辑之后,需要在web.config文件中注册模块,以便在每次请求时执行它;
<configuration>
<system.web>
<httpModules>
<add name="MyModule" type="MyApp.MyModule, MyApp" />
</httpModules>
</system.web>
</configuration>
如果您使用的是IIS 7或7.5的集成模式,则应在web.config的<system.webServer>标记内进行此注册
答案 4 :(得分:0)
protected void Application_BeginRequest(object sender, EventArgs e)
{
string ip = Request.Params["REMOTE_ADDR"].ToString();
if (ip == "your-ip")
{
// no action
}
else
{
Response.Redirect("url");
}
}