/// <summary> /// Filters an incoming HTTP request based on the configured rules engine. /// </summary> public Task Invoke(HttpContext context) { return (_ruleEngine.IsAllowed(context) ? _next.Invoke(context) : DenyAccess(context)); }
public bool VerifyIPEndPoint(IPAddress address) { InitFirewallRules(); var httpContext = new DefaultHttpContext(); httpContext.Connection.RemoteIpAddress = address; var result = _firewallRule.IsAllowed(httpContext); if (result) { return(true); } if (address.IsIPv4MappedToIPv6) { httpContext.Connection.RemoteIpAddress = address.MapToIPv4(); return(_firewallRule.IsAllowed(httpContext)); } return(false); }
/// <summary> /// Denotes whether a given <see cref="HttpContext"/> is permitted to access the web server. /// </summary> public bool IsAllowed(HttpContext context) { var remoteIpAddress = context.Connection.RemoteIpAddress; var(isAllowed, ip) = MatchesAnyIPAddress(remoteIpAddress); context.LogDebug( typeof(IPAddressRule), isAllowed, isAllowed ? $"it matched '{ip}'" : "it didn't match any known IP address"); return(isAllowed || _nextRule.IsAllowed(context)); }
/// <summary> /// Denotes whether a given <see cref="HttpContext"/> is permitted to access the web server. /// </summary> public bool IsAllowed(HttpContext context) { var remoteIpAddress = context.Connection.RemoteIpAddress; var(isAllowed, cidr) = MatchesAnyIPAddressRange(remoteIpAddress); context.LogDebug( typeof(IPAddressRangeRule), isAllowed, isAllowed ? $"it belongs to '{cidr}' address range" : "it didn't belong to any known address range"); return(isAllowed || _nextRule.IsAllowed(context)); }
/// <summary> /// Denotes whether a given <see cref="HttpContext"/> is permitted to access the web server. /// </summary> public bool IsAllowed(HttpContext context) { IPAddress remoteIpAddress; if (IPAddress.TryParse(context.Request.Headers[_reverseProxyHeader], out remoteIpAddress)) { var(isClientIPAllowed, ip) = MatchesAnyIPAddress(remoteIpAddress, _allowedClientIPAddresses); var(isReversProxyIPValid, _) = MatchesAnyIPAddress(context.Connection.RemoteIpAddress, _reverseProxyIPAddresses); // the ip addresses of the reverse proxy var(isReversProxyIPInCIDR, _) = MatchesAnyIPAddressRange(context.Connection.RemoteIpAddress, _reverseProxyCIDRs); // the ip addresses of the reverse proxy context.LogDebug( typeof(IPAddressRule), isClientIPAllowed, isClientIPAllowed ? "it matched '{ipAddress}'" : "it didn't match any known IP address", ip); return((isClientIPAllowed && (isReversProxyIPValid || isReversProxyIPInCIDR)) || _nextRule.IsAllowed(context)); } else { context.Log(Microsoft.Extensions.Logging.LogLevel.Error, typeof(ReverseProxyClientIPAddressRule), "Invalid reverse proxy header '{_reverseProxyHeader}' or unable to parse remote ip : " + context.Request.Headers[_reverseProxyHeader], _reverseProxyHeader); return(false); } }
/// <summary> /// Denotes whether a given <see cref="HttpContext"/> is permitted to access the web server. /// </summary> public bool IsAllowed(HttpContext context) { return(_filter(context) || _nextRule.IsAllowed(context)); }
/// <summary> /// Denotes whether a given <see cref="HttpContext"/> is permitted to access the web server based on the client ip and requested host name. /// </summary> public bool IsAllowed(HttpContext context) { var remoteIpAddress = context.Connection.RemoteIpAddress; var(isAllowed, ip) = MatchesAnyIPAddress(remoteIpAddress); context.LogDebug( typeof(IPAddressRule), isAllowed, isAllowed ? "it matched '{ipAddress}'" : "it didn't match any known IP address", ip); //ip is valid and the hostname is matching, or check next rule return((isAllowed && context.Request.Host.ToString().ToLower().Contains(_hostNamePartial.ToLower())) || _nextRule.IsAllowed(context)); }