Exemple #1
0
        /// <summary>
        /// Puts the values from the page into the configuration
        /// </summary>
        protected override bool ApplyChanges()
        {
            this.moduleConfiguration.Enabled       = enabledCB.Checked;
            this.moduleConfiguration.VerifyAll     = verifyAllCB.Checked;
            this.moduleConfiguration.DenyAction    = (comboBoxDenyAction.SelectedItem as ComboboxItem).Value.ToString();
            this.moduleConfiguration.AllowedMode   = allowedRB.Checked;
            this.moduleConfiguration.GeoIpFilepath = geoIpFilepathTB.Text;

            this.moduleConfiguration.SelectedCountryCodes.Clear();
            foreach (Country geoblockItem in selectedCountryCodesLB.CheckedItems)
            {
                this.moduleConfiguration.SelectedCountryCodes.Add(geoblockItem);
            }

            this.moduleConfiguration.ExceptionRules.Clear();
            foreach (DataGridViewRow row in this.exceptionRulesDGV.Rows)
            {
                ExceptionRule item = (ExceptionRule)row.DataBoundItem;
                this.moduleConfiguration.ExceptionRules.Add(item);
            }

            UpdateConfiguration();

            hasChanges = false;
            this.Update();//reloads tasks

            return(true);
        }
        /// <summary>
        /// Fired when the user clicks the OK button. Checks if the user input is valid. If so, it sets the exception rule and closes the form
        /// </summary>
        /// <param name="sender">Not used</param>
        /// <param name="e">Not used</param>
        private void BOk_Click(object sender, EventArgs e)
        {
            if (RBSpecificIpAddress.Checked)
            {
                IPAddress ip;
                if (!IPAddress.TryParse(TBSpecificIpAddress.Text, out ip))
                {
                    MessageBox.Show(this, "'" + TBSpecificIpAddress.Text + "' is an invalid IP address.", this.Text, MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
                    return;
                }
                else
                {
                    //We will check against existing exception rules if there is a conflict or overlap
                    ExceptionRule newRule = new ExceptionRule(this.AllowMode, ip.ToString(), null);
                    if (CheckNewRule(newRule))
                    {
                        this.exceptionRule = newRule;
                        this.DialogResult  = DialogResult.OK;
                        this.Close();
                    }
                }
            }
            else
            {
                IPAddress range;
                IPAddress mask;
                if (!IPAddress.TryParse(TBAddressRange.Text, out range))
                {
                    MessageBox.Show(this, "'" + TBAddressRange.Text + "' is an invalid IP address.", this.Text, MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
                    return;
                }

                if (!IPAddress.TryParse(TBMask.Text, out mask))
                {
                    MessageBox.Show(this, "'" + TBMask.Text + "' is an invalid subnet mask.", this.Text, MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
                    return;
                }

                try
                {
                    var cidr = IPAddressRange.Parse(TBAddressRange.Text + "/" + TBMask.Text).ToCidrString();
                }
                catch
                {
                    MessageBox.Show(this, "'" + TBMask.Text + "' is an invalid subnet mask.", this.Text, MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
                    return;
                }


                //We will check against existing exception rules if there is a conflict or overlap
                ExceptionRule newRule = new ExceptionRule(this.AllowMode, range.ToString(), mask.ToString());
                if (CheckNewRule(newRule))
                {
                    this.exceptionRule = newRule;
                    this.DialogResult  = DialogResult.OK;
                    this.Close();
                }
            }
        }
Exemple #3
0
 /// <summary>
 /// Checks whether an IP address matches to an exception rule
 /// </summary>
 /// <param name="ipAddress">The IP address to check</param>
 /// <param name="exceptionRule">The exception rule to match it against</param>
 /// <returns>True if the IP address matches to the exception rule. False otherwise</returns>
 private bool IpAddressMatchesExceptionRule(IPAddress ipAddress, ExceptionRule exceptionRule)
 {
     if (String.IsNullOrEmpty(exceptionRule.Mask) && IPAddress.Parse(exceptionRule.IpAddress).Equals(ipAddress))
     {
         return(true);
     }
     if (!String.IsNullOrEmpty(exceptionRule.Mask) && IPUtilities.IsInSameSubnet(ipAddress, exceptionRule.IpAddress, exceptionRule.Mask))
     {
         return(true);
     }
     return(false);
 }
Exemple #4
0
 /// <summary>
 /// Checks for conflicts between the new rule and the existing exception rules
 /// </summary>
 /// <param name="newRule">The new rule to check</param>
 /// <returns>True if there is no conflict. False otherwise</returns>
 private bool CheckNewRule(ExceptionRule newRule)
 {
     foreach (ExceptionRule existingRule in this.existingRules)
     {
         if (String.IsNullOrEmpty(newRule.Mask))
         {
             if (String.IsNullOrEmpty(existingRule.Mask))
             {
                 if (newRule.IpAddress.Equals(existingRule.IpAddress))
                 {
                     if (newRule.AllowedMode == existingRule.AllowedMode)
                     {
                         MessageBox.Show(this, "This exception rule allready exists", this.Text, MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1);
                         return(false);
                     }
                     else
                     {
                         MessageBox.Show(this, "This exception rule conflicts with rule: " + existingRule.ToString(), this.Text, MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1);
                         return(false);
                     }
                 }
             }
             else
             {
                 if (IPUtilities.IsInSameSubnet(newRule.IpAddress, existingRule.IpAddress, existingRule.Mask))
                 {
                     if (newRule.AllowedMode == existingRule.AllowedMode)
                     {
                         DialogResult result = MessageBox.Show(this, "This exception rule overlaps with rule: " + existingRule.ToString() + ". Add it anyway?", this.Text, MessageBoxButtons.YesNoCancel, MessageBoxIcon.Warning, MessageBoxDefaultButton.Button1);
                         if (result == DialogResult.Yes)
                         {
                             return(true);
                         }
                         else
                         {
                             return(false);
                         }
                     }
                     else
                     {
                         MessageBox.Show(this, "This exception rule conflicts with rule: " + existingRule.ToString(), this.Text, MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1);
                         return(false);
                     }
                 }
             }
         }
         else
         {
             if (String.IsNullOrEmpty(existingRule.Mask))
             {
                 if (IPUtilities.IsInSameSubnet(existingRule.IpAddress, newRule.IpAddress, newRule.Mask))
                 {
                     if (newRule.AllowedMode == existingRule.AllowedMode)
                     {
                         DialogResult result = MessageBox.Show(this, "This exception rule overlaps with rule: " + existingRule.ToString() + ". Add it anyway?", this.Text, MessageBoxButtons.YesNoCancel, MessageBoxIcon.Warning, MessageBoxDefaultButton.Button1);
                         if (result == DialogResult.Yes)
                         {
                             return(true);
                         }
                         else
                         {
                             return(false);
                         }
                     }
                     else
                     {
                         MessageBox.Show(this, "This exception rule conflicts with rule: " + existingRule.ToString(), this.Text, MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1);
                         return(false);
                     }
                 }
             }
             else
             {
                 if (IPUtilities.IsInSameSubnet(newRule.IpAddress, existingRule.IpAddress, existingRule.Mask) || IPUtilities.IsInSameSubnet(existingRule.IpAddress, newRule.IpAddress, newRule.Mask))
                 {
                     if (newRule.AllowedMode == existingRule.AllowedMode)
                     {
                         DialogResult result = MessageBox.Show(this, "This exception rule overlaps with rule: " + existingRule.ToString() + ". Add it anyway?", this.Text, MessageBoxButtons.YesNoCancel, MessageBoxIcon.Warning, MessageBoxDefaultButton.Button1);
                         if (result == DialogResult.Yes)
                         {
                             return(true);
                         }
                         else
                         {
                             return(false);
                         }
                     }
                     else
                     {
                         MessageBox.Show(this, "This exception rule conflicts with rule: " + existingRule.ToString(), this.Text, MessageBoxButtons.OK, MessageBoxIcon.Error, MessageBoxDefaultButton.Button1);
                         return(false);
                     }
                 }
             }
         }
     }
     return(true);
 }
        /// <summary>
        /// Handles the begin request event. this is the place where the actual check is performed
        /// </summary>
        /// <param name="sender">The HttpApplication to extract the request from</param>
        /// <param name="e">Not used</param>
        void context_BeginRequest(object sender, EventArgs e)
        {
            HttpApplication application = (HttpApplication)sender;
            HttpContext     context     = application.Context;

            //Get module config
            GeoblockConfigurationSection moduleConfiguration = (GeoblockConfigurationSection)WebConfigurationManager.GetSection(context, GeoblockConfigurationSection.SectionName, typeof(GeoblockConfigurationSection));

            if (!moduleConfiguration.Enabled)
            {
                return;
            }

            //Get the ip's of the request. All the IP's must be checked
            List <System.Net.IPAddress> ipAddressesToCheck = new List <System.Net.IPAddress>();
            string ipNotificationString = string.Empty;

            try
            {
                string ip = context.Request.UserHostAddress;
                ipNotificationString += "Request IP: [" + ip + "]";
                System.Net.IPAddress ipAddress = System.Net.IPAddress.Parse(ip.Trim());
                ipAddressesToCheck.Add(ipAddress);
            }
            catch { }

            //Could be behind proxy, so check forwarded IP's
            string forwardedIps = context.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];

            if (!String.IsNullOrEmpty(forwardedIps))
            {
                ipNotificationString += " Forwarded IP's: [" + forwardedIps + "]";
                //The HTTP_X_FORWARDED_FOR value can contain more then one entry (, seperated)
                string[] ips = forwardedIps.Split(",".ToCharArray(), StringSplitOptions.RemoveEmptyEntries);
                foreach (string ip in ips)
                {
                    try
                    {
                        System.Net.IPAddress ipAddress = System.Net.IPAddress.Parse(ip.Trim());
                        ipAddressesToCheck.Add(ipAddress);
                    }
                    catch { }
                }
            }

            string[] selectedCountryCodes = new string[moduleConfiguration.SelectedCountryCodes.Count];
            int      i = 0;

            foreach (CountryConfigurationElement country in moduleConfiguration.SelectedCountryCodes)
            {
                selectedCountryCodes[i] = country.Code;
                i++;
            }
            ExceptionRule[] exceptionRules = new ExceptionRule[moduleConfiguration.ExceptionRules.Count];
            i = 0;
            foreach (ExceptionRuleConfigurationElement exceptionRule in moduleConfiguration.ExceptionRules)
            {
                exceptionRules[i] = new ExceptionRule(exceptionRule.AllowedMode, exceptionRule.IpAddress, exceptionRule.Mask);
                i++;
            }

            //Perform the check
            string     resultMessage;
            Geoblocker geoBlocker = new Geoblocker(moduleConfiguration.GeoIpFilepath, selectedCountryCodes, moduleConfiguration.AllowedMode, exceptionRules);

            if (!geoBlocker.Allowed(ipAddressesToCheck, out resultMessage))
            {
                switch (moduleConfiguration.DenyAction)
                {
                case "Unauthorized":
                    context.Response.StatusCode        = 401;
                    context.Response.SubStatusCode     = 503;
                    context.Response.StatusDescription = "IP is blocked by GeoIP2block Module. " + ipNotificationString + ". " + resultMessage;
                    context.Response.SuppressContent   = true;
                    context.Response.End();
                    break;

                case "Forbidden":
                    context.Response.StatusCode        = 403;
                    context.Response.SubStatusCode     = 503;
                    context.Response.StatusDescription = "IP is blocked by GeoIP2block Module. " + ipNotificationString + ". " + resultMessage;
                    context.Response.SuppressContent   = true;
                    context.Response.End();
                    break;

                case "NotFound":
                    context.Response.StatusCode        = 404;
                    context.Response.SubStatusCode     = 503;
                    context.Response.StatusDescription = "IP is blocked by GeoIP2block Module. " + ipNotificationString + ". " + resultMessage;
                    context.Response.SuppressContent   = true;
                    context.Response.End();
                    break;

                case "Abort":
                    context.Request.Abort();
                    break;
                }
            }
        }
Exemple #6
0
        /// <summary>
        /// Handles the begin request event. this is the place where the actual check is performed
        /// </summary>
        /// <param name="sender">The HttpApplication to extract the request from</param>
        /// <param name="e">Not used</param>
        void context_BeginRequest(object sender, EventArgs e)
        {
            HttpApplication application = (HttpApplication)sender;
            HttpContext     context     = application.Context;

            //Get module config
            GeoblockConfigurationSection moduleConfiguration = (GeoblockConfigurationSection)WebConfigurationManager.GetSection(context, GeoblockConfigurationSection.SectionName, typeof(GeoblockConfigurationSection));

            if (!moduleConfiguration.Enabled)
            {
                return;
            }

            //Get the ip's of the request. All the IP's must be checked
            List <System.Net.IPAddress> ipAddressesToCheck = new List <System.Net.IPAddress>();
            string ipNotificationString = string.Empty;

            try
            {
                string ip = context.Request.UserHostAddress;
#if DEBUG
                this.DbgWrite(string.Format("REMOTE_ADDR: {0}", ip));
#endif
                ipNotificationString += "Request IP: [" + ip + "]";
                System.Net.IPAddress ipAddress = System.Net.IPAddress.Parse(ip.Trim());
                ipAddressesToCheck.Add(ipAddress);
            }
            catch { }

            //Could be behind proxy, so check forwarded IP's
            string forwardedIps = context.Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
#if DEBUG
            this.DbgWrite(string.Format("HTTP_X_FORWARDED_FOR: {0}", forwardedIps));
#endif
            if (!String.IsNullOrEmpty(forwardedIps))
            {
                ipNotificationString += " Forwarded IP's: [" + forwardedIps + "]";
                //The HTTP_X_FORWARDED_FOR value can contain more then one entry (, seperated)
                string[] ips = forwardedIps.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
                foreach (string ip in ips)
                {
                    try
                    {
                        System.Net.IPAddress ipAddress;
                        // Forwarded IP's in Application Request Routing might contain port
                        if (ip.Contains(":"))
                        {
                            ipAddress = System.Net.IPAddress.Parse(ip.Split(new char[] { ':' }, StringSplitOptions.RemoveEmptyEntries)[0].Trim());
                        }
                        else
                        {
                            ipAddress = System.Net.IPAddress.Parse(ip.Trim());
                        }
                        ipAddressesToCheck.Add(ipAddress);
                    }
                    catch { }
                }
            }
            // Make new unique list
            List <System.Net.IPAddress> ipAddressesToCheckUnique = ipAddressesToCheck.Distinct().ToList();
#if DEBUG
            ArrayList ipToCheck = new ArrayList();
            foreach (IPAddress ipAddress in ipAddressesToCheckUnique)
            {
                ipToCheck.Add(ipAddress.ToString());
            }
            this.DbgWrite(string.Format("Requestor IP address('s): {0}{1}", GeoblockHttpModule.ConvertStringArrayToStringJoin((string[])ipToCheck.ToArray(typeof(string))), Environment.NewLine));
#endif
            string[] selectedCountryCodes = new string[moduleConfiguration.SelectedCountryCodes.Count];
            int      i = 0;
            foreach (CountryConfigurationElement country in moduleConfiguration.SelectedCountryCodes)
            {
                selectedCountryCodes[i] = country.Code;
                i++;
            }
#if DEBUG
            this.DbgWrite(string.Format("CountryCodes: {0} AllowedMode: {1}{2}", GeoblockHttpModule.ConvertStringArrayToStringJoin(selectedCountryCodes), moduleConfiguration.AllowedMode, Environment.NewLine));
#endif
            ExceptionRule[] exceptionRules = new ExceptionRule[moduleConfiguration.ExceptionRules.Count];
            i = 0;
            foreach (ExceptionRuleConfigurationElement exceptionRule in moduleConfiguration.ExceptionRules)
            {
                exceptionRules[i] = new ExceptionRule(exceptionRule.AllowedMode, exceptionRule.IpAddress, exceptionRule.Mask);
#if DEBUG
                if (!string.IsNullOrEmpty(exceptionRule.Mask))
                {
                    this.DbgWrite(string.Format("exceptionRule: AllowedMode: {0}, Requestor: {1} ({2}){3}", exceptionRule.AllowedMode, exceptionRule.IpAddress, exceptionRule.Mask, Environment.NewLine));
                }
                else
                {
                    this.DbgWrite(string.Format("exceptionRule: AllowedMode: {0}, Requestor: {1}{2}", exceptionRule.AllowedMode, exceptionRule.IpAddress, Environment.NewLine));
                }
#endif
                i++;
            }

            //Perform the check
            string     resultMessage;
            Geoblocker geoBlocker = new Geoblocker(moduleConfiguration.GeoIpFilepath, selectedCountryCodes, moduleConfiguration.AllowedMode, exceptionRules, moduleConfiguration.VerifyAll);
            if (!geoBlocker.Allowed(ipAddressesToCheckUnique, out resultMessage))
            {
#if DEBUG
                this.DbgWrite(string.Concat("IP is blocked by GeoIP2block Module. ", ipNotificationString, ". ", resultMessage));
                this.DbgWrite(string.Format("DenyAction: {0} ", moduleConfiguration.DenyAction));
#endif
                switch (moduleConfiguration.DenyAction)
                {
                case "Unauthorized":
                    context.Response.StatusCode        = 401;
                    context.Response.SubStatusCode     = 503;
                    context.Response.StatusDescription = string.Concat("IP is blocked by GeoIP2block Module. ", ipNotificationString, ". ", resultMessage);
                    context.Response.SuppressContent   = true;
                    context.Response.End();
                    break;

                case "Forbidden":
                    context.Response.StatusCode        = 403;
                    context.Response.SubStatusCode     = 503;
                    context.Response.StatusDescription = string.Concat("IP is blocked by GeoIP2block Module. ", ipNotificationString, ". ", resultMessage);
                    context.Response.SuppressContent   = true;
                    context.Response.End();
                    break;

                case "NotFound":
                    context.Response.StatusCode        = 404;
                    context.Response.SubStatusCode     = 503;
                    context.Response.StatusDescription = string.Concat("IP is blocked by GeoIP2block Module. ", ipNotificationString, ". ", resultMessage);
                    context.Response.SuppressContent   = true;
                    context.Response.End();
                    break;

                case "Abort":
                    context.Request.Abort();
                    break;
                }
            }
#if DEBUG
            else
            {
                this.DbgWrite(string.Format("DenyAction: {0} ", resultMessage));
            }
#endif
        }