protected virtual void Dispose(bool disposing)
{
if (!_disposed)
{
if (disposing)
{
application.Dispose();
application = null;
config = null;
}
_disposed = true;
}
}
public GateKeeperSettings Load()
{
GateKeeperSettings config = null;
GateKeeperModule module = new GateKeeperModule();
HttpContext current = HttpContext.Current;
HttpRequest request = current.Request;
string currUrl = current.Request.Url.ToString();
string basePath = currUrl.Substring(0, currUrl.IndexOf(current.Request.Url.Host) + current.Request.Url.Host.Length);
Uri url = new Uri(basePath);
List <WebSiteControllerRule> rules = WebSiteControllerConfig.GetRulesForSiteCollection(url, module.RuleType);
foreach (WebSiteControllerRule rule in rules)
{
//string props = rule.Properties.ToString();
if (rule.Properties.ContainsKey("GateKeeper"))
{
if (config == null)
{
try
{
string gateconfig = rule.Properties["GateKeeper"].ToString();
config = new JavaScriptSerializer().Deserialize <GateKeeperSettings>(Encryption.Decrypt(gateconfig));
config._guid = rule.Id;
break;
}
catch (Exception ex)
{
ex.ToString();
//throw;
}
}
}
}
if (config != null)
{
return(config);
}
else
{
return(new GateKeeperSettings());
}
}
void WebSiteControllerModule_OnBeginRequest(object sender, EventArgs e)
{
//Uri _url = (sender as HttpApplication).Context.Request.Url;
//Debug.WriteLine("Start GateKeeper:" + DateTime.Now + " : " + _url.OriginalString);
application = (HttpApplication)sender;
string absolutePath = application.Request.Url.AbsolutePath.ToLower();
if (absolutePath.Contains(".dll") ||
absolutePath.Contains(".asmx") ||
absolutePath.Contains(".svc") ||
absolutePath.Contains("favicon.ico"))
{
return;
}
HttpContext current = ((HttpApplication)sender).Context;
HttpRequest request = current.Request;
string currUrl = current.Request.Url.ToString();
string basePath = currUrl.Substring(0, currUrl.IndexOf(current.Request.Url.Host) + current.Request.Url.Host.Length);
Uri url = new Uri(basePath);
config = config.Load();
if (config != null && config._guid != Guid.Empty)
{
// Check if GK is enabled and is not a system handle
if (!config.EnableGateKeeper || currUrl.ToLower().Contains("/error/") || currUrl.ToLower().Contains("/style library/") || currUrl.ToLower().Contains("/_layouts/") || currUrl.ToLower().Contains("/_vti_bin/") || currUrl.ToLower().Contains("gatekeeperservice.svc"))
{
return;
}
// Checking if UserAgent is empty and if GK should block empty UserAgents
if (string.IsNullOrEmpty(request.UserAgent) && config.DenyEmptyUserAgent)
{
application.Server.ClearError();
application.Response.StatusCode = (int)HttpStatusCode.Forbidden;
throw (new HttpException((int)HttpStatusCode.Forbidden, "Empty UserAgents are not Allowed."));
}
// Check if request matches a whitelist
if (Whitelist.OnWhiteList(current))
{
//log.Debug("Request passed WhiteList check - let them pass");
return;
}
// Check if request matches a whitelist
if (Blacklist.OnBlackList(current))
{
application.Server.ClearError();
application.Response.StatusCode = (int)HttpStatusCode.Forbidden;
throw (new HttpException((int)HttpStatusCode.Forbidden, "Your Black Listed on this Site."));
}
// Check IP Address against HttpBL
if (Http.IsHTTP(current))
{
application.Server.ClearError();
application.Response.StatusCode = (int)HttpStatusCode.Forbidden;
throw (new HttpException((int)HttpStatusCode.Forbidden, "This Computer has been flagged as dangerous."));
}
// Check IP Address against DroneBL
if (Drone.IsDrone(current))
{
application.Server.ClearError();
application.Response.StatusCode = (int)HttpStatusCode.Forbidden;
throw (new HttpException((int)HttpStatusCode.Forbidden, "This Computer is a Drone."));
}
// Check if IP is an Open Proxy
if (Proxy.IsProxy(current))
{
application.Server.ClearError();
application.Response.StatusCode = (int)HttpStatusCode.Forbidden;
throw (new HttpException((int)HttpStatusCode.Forbidden, "This Proxy is not allowed."));
}
// Check if request is hotlinked
if (config.BlockHotLinking && Hotlink.IsHotLink(current))
{
application.Server.ClearError();
application.Response.StatusCode = (int)HttpStatusCode.Forbidden;
throw (new HttpException((int)HttpStatusCode.Forbidden, "Hotlinking is not allowed."));
}
// Check if request is a honeypot violator
if (config.EnableHoneyPot && Honeypot.IsHoney(current))
{
application.Server.ClearError();
application.Response.StatusCode = (int)HttpStatusCode.Forbidden;
throw (new HttpException((int)HttpStatusCode.Forbidden, "Your visting the Honeypot."));
}
// Check if request is for virtual honeypot stats url
if (config.EnableHoneyPotStats &&
!string.IsNullOrEmpty(config.HoneyPotStatsPath) &&
Regex.IsMatch(request.Url.AbsolutePath, config.HoneyPotStatsPath, RegexOptions.IgnoreCase))
{
HoneyPotStats.Display();
}
// Request passed all checks - let them pass
}
//return;
}
