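/// <summary>
/// Parses every exception entry of <paramref name="rule"/> into an IP address range,
/// maps both ends of the range to IPv6 and stores the result on the entry.
/// </summary>
/// <param name="rule">The access-control rule whose exception entries are initialised in place.</param>
/// <returns>
/// The textual address or range of every entry that could not be parsed;
/// empty when all entries parsed.
/// </returns>
/// <remarks>
/// An entry that fails to parse ends up with a null <c>Range</c>, and the IsValid overloads
/// in this file skip entries whose <c>Range</c> is null. A non-empty result therefore means
/// the rule is only partially enforced; callers should surface it as a configuration error.
/// </remarks>
public IEnumerable<string> InitIpAccessControl(IpAccessControl rule)
{
    var errors = new List<string>();

    foreach (var exception in rule.Exceptions)
    {
        // A single address is parsed as-is; anything else is parsed as "from-to".
        var ipAddressRange = exception.IpAddressType == IpAccessControl.IpAddressType.Single
            ? exception.FromIpAddress
            : $"{exception.FromIpAddress}-{exception.ToIpAddress}";

        if (!IPAddressRange.TryParse(ipAddressRange, out var range))
        {
            errors.Add(ipAddressRange);

            // Clear any range left over from an earlier initialisation so a stale value
            // is never matched, and skip the mapping below: 'range' is not usable here and
            // dereferencing it would abort the loop before the remaining entries are set up.
            exception.Range = null;
            continue;
        }

        // Store both ends in IPv6 form so IPv4 and IPv6 candidates compare in one address family.
        range.Begin = range.Begin.MapToIPv6();
        range.End = range.End.MapToIPv6();
        exception.Range = range;
    }

    return errors;
}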
/// <summary>
/// Decides whether a single client address passes the given access-control rule.
/// </summary>
/// <param name="rule">The rule whose exception ranges and access type are evaluated.</param>
/// <param name="ipAddress">The client address in textual form.</param>
/// <returns>
/// <c>false</c> when <paramref name="ipAddress"/> cannot be parsed. Otherwise: when an exception
/// range contains the address, <c>true</c> only if the access type is not AllowAll; when no
/// exception range contains it, <c>true</c> only if the access type is AllowAll.
/// </returns>
/// <remarks>
/// Only the first address of the parsed value is compared, so input that parses as a range
/// is evaluated by its beginning address alone.
/// </remarks>
public bool IsValid(IpAccessControl rule, string ipAddress)
{
    IPAddressRange parsed;

    // The IPv6 loopback is swapped for the IPv4 loopback before mapping, so both
    // loopback spellings end up as the same IPv4-mapped IPv6 address.
    var isIpv6Loopback = ipAddress.Equals(IPAddress.IPv6Loopback.ToString());
    if (isIpv6Loopback)
    {
        parsed = new IPAddressRange(IPAddress.Loopback);
    }
    else
    {
        var parsedOk = IPAddressRange.TryParse(ipAddress, out parsed);
        if (!parsedOk)
        {
            // Unparsable input is rejected regardless of the access type.
            return false;
        }
    }

    var candidate = parsed.Begin.MapToIPv6();

    // Entries without a Range are ignored rather than treated as a match.
    var matchesException = rule.Exceptions.Any(
        entry => entry.Range != null && entry.Range.Contains(candidate));

    var allowAll = rule.AccessType == IpAccessControl.AccessTypes.AllowAll;

    // A matching exception inverts the rule's default decision.
    return matchesException ? !allowAll : allowAll;
}
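/// <summary>
/// Decides whether the addresses associated with a request pass the given access-control rule.
/// </summary>
/// <param name="rule">The Ip Access Control to determine whether to grant access or not.</param>
/// <param name="request">The current HttpContext Request.</param>
/// <returns>
/// <c>false</c> when the user host address is checked and cannot be parsed. Otherwise: when an
/// exception range matches the collected addresses, <c>true</c> only if the access type is not
/// AllowAll; when none matches, <c>true</c> only if the access type is AllowAll.
/// </returns>
/// <remarks>
/// Addresses are collected from <c>request.UserHostAddress</c> (when enabled in configuration)
/// and from every configured request header. Header values are set by the client unless an
/// upstream proxy under your control overwrites them, so only headers that such a proxy
/// sanitises should be configured; otherwise the decision rests on caller-supplied data.
/// </remarks>
public bool IsValid(IpAccessControl rule, HttpRequest request)
{
    var ips = new List<IPAddress>();

    if (Configuration.IpAddressValidation.CheckUserHostAddress)
    {
        // The header path below treats a null result as "unparsable", so the same can happen
        // here. Reject the request instead of dereferencing null, matching the string overload,
        // which returns false for an address it cannot parse.
        var hostRange = GetIpAddressRange(request.UserHostAddress);
        if (hostRange == null)
        {
            return false;
        }

        ips.Add(hostRange.Begin.MapToIPv6());
    }

    foreach (var requestHeader in Configuration.IpAddressValidation.RequestHeaders)
    {
        var headerValue = request.Headers[requestHeader];
        if (string.IsNullOrEmpty(headerValue))
        {
            continue;
        }

        // Forwarding headers commonly carry a comma-separated list written as "a, b";
        // trim each entry so the whitespace after the comma does not defeat parsing.
        var headerIps = headerValue.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        foreach (var headerIp in headerIps)
        {
            var candidate = headerIp.Trim();
            if (candidate.Length == 0)
            {
                continue;
            }

            var clientRange = GetIpAddressRange(candidate);
            if (clientRange != null)
            {
                ips.Add(clientRange.Begin.MapToIPv6());
            }
        }
    }

    // NOTE(review): Contains is called with the whole address list and resolves to a member
    // declared outside this block; confirm whether it matches on any or on all addresses,
    // since that determines how much weight a single header entry carries.
    var matchesException = rule.Exceptions
        .Where(x => x.Range != null)
        .Any(exception => exception.Range.Contains(ips));

    if (matchesException)
    {
        return rule.AccessType != IpAccessControl.AccessTypes.AllowAll;
    }

    return rule.AccessType == IpAccessControl.AccessTypes.AllowAll;
}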