29Sep10 Allow or Deny by IP in IIS Cloud Sites

The steps:
Add the following entry into your web.config file and then place a SecurityHttpModule.cs file within a folder named App_Code with the code given. Replace 127.0.0.1 with the IP address that you would like to allow for your domain.
Any questions? Feel free to ask! But be sure to be specific so I can tell your comment is not spam!

My Sources:
Original code from:

The following used to aid in implementation:

WARNINGS:
This code works on my sites, however you may not be able to implement this on your own site. I am not responsible for any damages or data loss that may result in implementing this code. As always, whenever changing the configuration or modifying code on a site, test the code in a staging environment first and back up all data including any databases before implementing.

Applying this code to an entire site will cause compute cycles to rise significantly as every http request will rely on c# code to be run even for static files such as txt, html, and css. For this reason I would recommend not using this on a site that receives a considerable number of hits and to isolate protected content within its own subdomain. Consider carefully if static files, especially those served by the Media Accelerator, would need to run through this screening process and if not, host them on a separate site to reduce the compute cycles consumed.

Add to Web.Config:

1
2
3
4
5
6
7
8

<?xml version="1.0"?>
<configuration>
    <system.webServer>
        <modules>
            <add name="SecurityHttpModule" type="SecurityHttpModule"/>
        </modules>
    </system.webServer>
</configuration>

Save in App_Code\SecurityHttpModule.cs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

///
/// HTTP module to restrict access by IP address
/// From http://www.codeproject.com/KB/aspnet/http-module-ip-security.aspx
/// Modified with:
///  http://msdn.microsoft.com/en-us/ms227673.aspx
///  http://www.geekpedia.com/KB84_The-name-Request-does-not-exist-in-the-current-context.html
///  http://cloudsites.rackspacecloud.com/index.php/How_do_I_deny_certain_IP_addresses_from_accessing_my_site%3F
///
using System;
using System.Web;
public class SecurityHttpModule: IHttpModule
{
 public SecurityHttpModule() { }
    public void Init(HttpApplication context)
    {
        context.BeginRequest += new EventHandler(Application_BeginRequest);
    }
    private void Application_BeginRequest(object source, EventArgs e)
    {
        HttpContext context = ((HttpApplication)source).Context;
        string ipAddress =  System.Web.HttpContext.Current.Request.ServerVariables["HTTP_X_CLUSTER_CLIENT_IP"];
		string path = ((HttpApplication)source).Request.Path;
		string ext = path.Substring(path.Length-3, 3).ToLower();
        if (!IsValidIpAddress(ipAddress) &amp;&amp; ext != "jpg" &amp;&amp; ext != "gif" &amp;&amp; ext != "png" &amp;&amp; ext != "mp3" &amp;&amp; ext != "wav" &amp;&amp; ext != "wma" &amp;&amp; ext != "swf")
        {
            context.Response.StatusCode = 403;  // (Forbidden)
	}
    }
    private bool IsValidIpAddress(string ipAddress)
    {
        return (ipAddress == "127.0.0.1");
    }
    public void Dispose() { /* clean up */ }
}
Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks
No Comments Posted by in ASP.NET
Tagged , ,

Leave a Reply

CAPTCHA

*

Using Gravatars in the comments - get your own and be recognized!

XHTML: These are some of the tags you can use: <a href=""> <b> <blockquote> <code> <em> <i> <strike> <strong>