Beispiel #1
0
        private static Boolean performLookup(HttpContext current)
        {
            //GateKeeperModule.log.Debug("Beginning lookup");

            // start the clock
            DateTime _start = DateTime.Now;

            // Use test IP if configured
            string ip    = (!string.IsNullOrEmpty(GateKeeperModule.config.ProxyBLTestIPAddress)) ? GateKeeperModule.config.ProxyBLTestIPAddress : current.Request.UserHostAddress;
            string query = string.Format("{0}.{1}", GateKeeperModule.flipIPAddress(ip), "dnsbl.proxybl.org");
            // perform the lookup
            string lookup = GateKeeperModule.DnsLookup(query, GateKeeperModule.config.ProxyBLTimeout);

            // stop the clock
            TimeSpan executiontime = DateTime.Now.Subtract(_start);

            //GateKeeperModule.log.DebugFormat("Lookup completion time in ms [{0}]", executiontime.Milliseconds.ToString());

            // check if we recieved something back
            if (string.IsNullOrEmpty(lookup))
            {
                //GateKeeperModule.log.Debug("Lookup returned no matching domain");
                return(false);
            }

            //GateKeeperModule.log.Debug("Requestor IP address found in lookup");
            if (GateKeeperModule.config.EnableProxyBLLogging)
            {
                AddProxy(current);
            }

            if (!GateKeeperModule.config.DenyProxyBLSuspect)
            {
                //GateKeeperModule.log.Debug("Skipping deny as per config settings");
                return(false);
            }

            // Deny access to suspected spammer
            return(true);
        }
Beispiel #2
0
        private static Boolean performLookup(HttpContext current)
        {
            //GateKeeperModule.log.Debug("Beginning lookup");

            // start the clock
            DateTime _start = DateTime.Now;

            // Use test IP if configured
            string ip    = (!string.IsNullOrEmpty(GateKeeperModule.config.HttpBLTestIPAddress)) ? GateKeeperModule.config.HttpBLTestIPAddress : current.Request.UserHostAddress;
            string query = string.Format("{0}.{1}.{2}", GateKeeperModule.config.HttpBLKeyCode, GateKeeperModule.flipIPAddress(ip), "dnsbl.httpbl.org");
            // perform the lookup
            string lookup = GateKeeperModule.DnsLookup(query, GateKeeperModule.config.HttpBLTimeout);

            // stop the clock
            TimeSpan executiontime = DateTime.Now.Subtract(_start);

            //GateKeeperModule.log.DebugFormat("Lookup completion time in ms [{0}]", executiontime.Milliseconds.ToString());


            // check if we recieved something back
            if (string.IsNullOrEmpty(lookup))
            {
                //GateKeeperModule.log.Debug("Lookup returned no matching domain");
                return(false);
            }

            // Split out response
            Regex parse = new Regex("(?<status>\\d+)\\.(?<days>\\d+)\\.(?<threat>\\d+)\\.(?<type>\\d+)", RegexOptions.Compiled);
            Match match = parse.Match(lookup);

            // Match found, load the lookup values
            int lastactivity = int.Parse(match.Groups["days"].Value);
            int threatscore  = int.Parse(match.Groups["threat"].Value);
            int visitortype  = int.Parse(match.Groups["type"].Value);

            // See if threatscore is greater than threshold set by user
            if (threatscore >= GateKeeperModule.config.ThreatScoreThreshold)
            {
                //GateKeeperModule.log.Debug("Requestor IP address equal to or above threatscore threshold");
                if (GateKeeperModule.config.EnableHttpBLLogging)
                {
                    AddHttp(current, threatscore, visitortype, lastactivity);
                }

                // Check if only check and no deny
                if (!GateKeeperModule.config.DenyHttpBLSuspect)
                {
                    //GateKeeperModule.log.Debug("Skipping deny as per config settings");
                    return(false);
                }

                // Deny access to suspected spammer
                return(true);
            }
            else
            {
                //GateKeeperModule.log.Debug("Requestor IP address below threatscore threshold");
                return(false);
            }
        }