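/// <summary>
/// Releases the references held by this instance. Calls after the first one are no-ops.
/// </summary>
/// <param name="disposing">
/// <c>true</c> to dispose the captured <c>application</c> and drop the <c>config</c> reference;
/// <c>false</c> to only mark the instance as disposed.
/// </param>
protected virtual void Dispose(bool disposing)
{
    if (_disposed)
    {
        return;
    }

    if (disposing)
    {
        // application is assigned in WebSiteControllerModule_OnBeginRequest, so it may still be
        // null if Dispose runs before any request was handled; the original dereferenced it
        // unconditionally.
        if (application != null)
        {
            // NOTE(review): application is the HttpApplication taken from the request pipeline;
            // confirm this type is meant to dispose it rather than just release the reference.
            application.Dispose();
            application = null;
        }

        config = null;
    }

    _disposed = true;
}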
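/// <summary>
/// Loads the GateKeeper settings stored on the WebSiteController rules that apply to the
/// current request's host.
/// </summary>
/// <returns>
/// The settings decrypted from the first rule whose "GateKeeper" property can be read, with
/// <c>_guid</c> set to that rule's id; otherwise a new default <see cref="GateKeeperSettings"/>.
/// </returns>
public GateKeeperSettings Load()
{
    GateKeeperModule module = new GateKeeperModule();
    HttpContext current = HttpContext.Current;
    Uri requestUrl = current.Request.Url;

    // Keep everything up to the end of the host name (scheme + host; a port, if any, is cut off).
    string currUrl = requestUrl.ToString();
    string basePath = currUrl.Substring(0, currUrl.IndexOf(requestUrl.Host) + requestUrl.Host.Length);
    Uri url = new Uri(basePath);

    List<WebSiteControllerRule> rules = WebSiteControllerConfig.GetRulesForSiteCollection(url, module.RuleType);
    foreach (WebSiteControllerRule rule in rules)
    {
        if (!rule.Properties.ContainsKey("GateKeeper"))
        {
            continue;
        }

        try
        {
            string gateconfig = rule.Properties["GateKeeper"].ToString();

            // JavaScriptSerializer is created without a type resolver, so the payload cannot
            // choose which types get instantiated; it is bound to GateKeeperSettings only.
            GateKeeperSettings loaded = new JavaScriptSerializer().Deserialize<GateKeeperSettings>(Encryption.Decrypt(gateconfig));
            loaded._guid = rule.Id;
            return loaded;
        }
        catch (Exception ex)
        {
            // Best effort: an unreadable rule is skipped and the next one is tried. The failure
            // is traced instead of being dropped silently. Only the exception type is recorded,
            // because parser messages can echo parts of the decrypted settings.
            System.Diagnostics.Trace.TraceError(
                "GateKeeper: could not read settings from rule {0} ({1}); rule skipped.",
                rule.Id,
                ex.GetType().Name);
        }
    }

    // NOTE(review): the request handler only runs its checks when _guid is not Guid.Empty, so
    // these defaults (presumably carrying an empty _guid) leave filtering off. A rule that fails
    // to decrypt therefore fails open; watch for the trace message above.
    return new GateKeeperSettings();
}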
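/// <summary>
/// Begin-request handler that runs the GateKeeper checks and rejects the request with
/// HTTP 403 when one of them fails.
/// </summary>
/// <remarks>
/// Order of evaluation: handler/extension exclusions, settings load, system-path exclusions,
/// empty User-Agent, whitelist, blacklist, HttpBL, DroneBL, open proxy, hotlinking, honeypot,
/// and finally the honeypot statistics page.
/// </remarks>
/// <param name="sender">The <see cref="HttpApplication"/> raising the event.</param>
/// <param name="e">Unused.</param>
/// <exception cref="HttpException">Thrown with status 403 when a check rejects the request.</exception>
void WebSiteControllerModule_OnBeginRequest(object sender, EventArgs e)
{
    application = (HttpApplication)sender;
    HttpContext current = application.Context;
    HttpRequest request = current.Request;

    // Invariant lower-casing: the comparisons below are against fixed ASCII tokens and must not
    // depend on the server's current culture.
    string absolutePath = request.Url.AbsolutePath.ToLowerInvariant();

    // NOTE(review): these are substring matches anywhere in the path, so any path that merely
    // contains one of the tokens is exempt from every check. Confirm this is as broad as intended.
    if (absolutePath.Contains(".dll") ||
        absolutePath.Contains(".asmx") ||
        absolutePath.Contains(".svc") ||
        absolutePath.Contains("favicon.ico"))
    {
        return;
    }

    string currUrl = request.Url.ToString();

    config = config.Load();
    if (config == null || config._guid == Guid.Empty)
    {
        // No GateKeeper settings were found for this site: nothing is enforced.
        return;
    }

    // The system-path exclusions are evaluated on the URL without its query string. The original
    // matched the whole URL, so a client-chosen query value containing one of these tokens was
    // enough to switch every check off.
    int queryStart = currUrl.IndexOf('?');
    string urlWithoutQuery = (queryStart >= 0 ? currUrl.Substring(0, queryStart) : currUrl).ToLowerInvariant();

    // Check if GK is enabled and the request is not for a system path
    if (!config.EnableGateKeeper ||
        urlWithoutQuery.Contains("/error/") ||
        urlWithoutQuery.Contains("/style library/") ||
        urlWithoutQuery.Contains("/_layouts/") ||
        urlWithoutQuery.Contains("/_vti_bin/") ||
        urlWithoutQuery.Contains("gatekeeperservice.svc"))
    {
        return;
    }

    // Check if the User-Agent is empty and GK should block empty User-Agents
    if (string.IsNullOrEmpty(request.UserAgent) && config.DenyEmptyUserAgent)
    {
        throw CreateForbiddenException("Empty UserAgents are not Allowed.");
    }

    // Check if request matches the whitelist; a whitelisted request skips all remaining checks
    if (Whitelist.OnWhiteList(current))
    {
        return;
    }

    // Check if request matches the blacklist
    if (Blacklist.OnBlackList(current))
    {
        throw CreateForbiddenException("Your Black Listed on this Site.");
    }

    // Check IP address against HttpBL
    if (Http.IsHTTP(current))
    {
        throw CreateForbiddenException("This Computer has been flagged as dangerous.");
    }

    // Check IP address against DroneBL
    if (Drone.IsDrone(current))
    {
        throw CreateForbiddenException("This Computer is a Drone.");
    }

    // Check if IP is an open proxy
    if (Proxy.IsProxy(current))
    {
        throw CreateForbiddenException("This Proxy is not allowed.");
    }

    // Check if request is hotlinked
    if (config.BlockHotLinking && Hotlink.IsHotLink(current))
    {
        throw CreateForbiddenException("Hotlinking is not allowed.");
    }

    // Check if request is a honeypot violator
    if (config.EnableHoneyPot && Honeypot.IsHoney(current))
    {
        throw CreateForbiddenException("Your visting the Honeypot.");
    }

    // Check if request is for the virtual honeypot stats URL.
    // NOTE(review): the pattern comes from the stored settings and is run without a match
    // timeout; confirm who may edit HoneyPotStatsPath and whether Display() checks the caller.
    if (config.EnableHoneyPotStats &&
        !string.IsNullOrEmpty(config.HoneyPotStatsPath) &&
        Regex.IsMatch(request.Url.AbsolutePath, config.HoneyPotStatsPath, RegexOptions.IgnoreCase))
    {
        HoneyPotStats.Display();
    }

    // Request passed all checks - let it through
}

/// <summary>
/// Clears the pending server error, marks the response as 403 Forbidden and builds the
/// exception that ends the request.
/// </summary>
/// <param name="message">Reason carried by the exception.</param>
/// <returns>The <see cref="HttpException"/> for the caller to throw.</returns>
private HttpException CreateForbiddenException(string message)
{
    // NOTE(review): each message names the check that fired. Whether it reaches the client
    // depends on the site's error-page configuration; confirm blocked clients get a generic page.
    application.Server.ClearError();
    application.Response.StatusCode = (int)HttpStatusCode.Forbidden;
    return new HttpException((int)HttpStatusCode.Forbidden, message);
}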