Esempio n. 1
0
        public void Save(cmSite site, SiteAccessRule rule, bool logChanges = true)
        {
            string         filePath = HostingEnvironment.MapPath(string.Format("~/Views/{0}/.config/SiteAccessRule", site.DistinctName));
            SiteAccessRule cached   = HttpRuntime.Cache[filePath] as SiteAccessRule;

            string relativePath = "/.config/site_access_rule.setting";
            string name         = "Access Control";

            cached = rule;
            HttpRuntime.Cache.Insert(filePath
                                     , cached
                                     , new CacheDependencyEx(new string[] { filePath }, false)
                                     , Cache.NoAbsoluteExpiration
                                     , Cache.NoSlidingExpiration
                                     , CacheItemPriority.NotRemovable
                                     , null
                                     );

            if (logChanges)
            {
                Revisions.BackupIfNotExists(site, filePath, relativePath, name);
            }

            ObjectHelper.BinarySerialize <SiteAccessRule>(rule, filePath);

            if (logChanges)
            {
                Revisions.Backup(site, filePath, relativePath, name);
            }
        }
Esempio n. 2
0
        public static SiteAccessRule Get(cmSite site, bool useCache = true)
        {
            string         filePath = HostingEnvironment.MapPath(string.Format("~/Views/{0}/.config/SiteAccessRule", site.DistinctName));
            SiteAccessRule cached   = HttpRuntime.Cache[filePath] as SiteAccessRule;

            if (useCache && cached != null)
            {
                return(cached);
            }

            cached = ObjectHelper.BinaryDeserialize <SiteAccessRule>(filePath, new SiteAccessRule());

            HttpRuntime.Cache.Insert(filePath
                                     , cached
                                     , new CacheDependencyEx(new string[] { filePath }, false)
                                     , Cache.NoAbsoluteExpiration
                                     , Cache.NoSlidingExpiration
                                     , CacheItemPriority.NotRemovable
                                     , null
                                     );
            return(cached);
        }
Esempio n. 3
0
        private bool IsIpAddressBlocked(cmSite site)
        {
            try
            {
                string ip = HttpContext.Current.Request.GetRealUserAddress();

                SiteAccessRule rule = SiteAccessRule.Get(site);


                bool isBlocked = false;
                int  countryId = IPLocation.GetByIP(ip).CountryID;
                if (rule.CountriesFilterType == SiteAccessRule.FilterType.Exclude)
                {
                    isBlocked = (null != rule.CountriesList && rule.CountriesList.Count > 0) ? rule.CountriesList.Contains(countryId) : false;
                }
                if (rule.CountriesFilterType == SiteAccessRule.FilterType.Include)
                {
                    isBlocked = (null != rule.CountriesList && rule.CountriesList.Count > 0) ? !rule.CountriesList.Contains(countryId) :  true;
                }
                if (!isBlocked)
                {
                    switch (rule.AccessMode)
                    {
                    case SiteAccessRule.AccessModeType.NotSet:
                        isBlocked = rule.IsWhitelistMode ? !rule.IPAddresses.ContainsKey(ip) : rule.IPAddresses.ContainsKey(ip);
                        break;

                    case SiteAccessRule.AccessModeType.Whitelist:
                        isBlocked = !rule.IPAddresses.ContainsKey(ip);
                        break;

                    case SiteAccessRule.AccessModeType.Blacklist:
                        isBlocked = rule.IPAddresses.ContainsKey(ip);
                        break;

                    case SiteAccessRule.AccessModeType.SoftLaunch:
                        if (rule.IPAddresses.ContainsKey(ip))
                        {
                            isBlocked = false;
                        }
                        else
                        {
                            if (rule.IPAddresses.Count < rule.SoftLaunchNumber)
                            {
                                isBlocked = false;
                                //add the current ip to the ip addresses
                                rule.IPAddresses.Add(ip, ip);
                                rule.Save(site, rule, false);
                            }
                            else
                            {
                                isBlocked = true;
                            }
                        }
                        break;
                    }
                }
                if (isBlocked)
                {
                    if (ip.StartsWith("10.0.", StringComparison.InvariantCulture) ||
                        ip.StartsWith("192.168.", StringComparison.InvariantCulture) ||
                        ip.StartsWith("109.205.9", StringComparison.InvariantCulture) ||
                        ip.StartsWith("78.133.", StringComparison.InvariantCulture) ||
                        ip.StartsWith("172.16.111.", StringComparison.InvariantCulture) ||
                        ip.StartsWith("95.131.233.", StringComparison.InvariantCulture) ||
                        ip.Equals("127.0.0.1", StringComparison.InvariantCulture) ||
                        ip.Equals("85.9.28.130", StringComparison.InvariantCulture) ||
                        ip.Equals("124.233.3.10", StringComparison.InvariantCulture) ||
                        ip.Equals("119.39.124.139", StringComparison.InvariantCulture))
                    {
                        return(false);
                    }
                }

                if (isBlocked)
                {
                    HttpContext.Current.Response.ContentType = "text/html";
                    HttpContext.Current.Response.Write(rule.BlockedMessage.Replace("$IP$", ip));
                    //HttpContext.Current.Response.End();
                    HttpContext.Current.Response.Flush();                      // Sends all currently buffered output to the client.
                    HttpContext.Current.Response.SuppressContent = true;       // Gets or sets a value indicating whether to send HTTP content to the client.
                    HttpContext.Current.ApplicationInstance.CompleteRequest(); // Causes ASP.NET to bypass all events and filtering in the HTTP pipeline chain of execution and directly execute the EndRequest event.
                }

                return(isBlocked);
            }
            catch
            {
                return(false);
            }
        }