Exemplo n.º 1
0
        public void TestKeyBlacklistingAndWhitelisting()
        {
            var ip  = GetRandomIP();
            var key = GetRandomKey();

            Assert.AreEqual(
                Hacker.Result.Allowed,
                Hacker.DefendAsync(key, ip).Run(),
                string.Format("Allow traffic on {0} from {1}", key, ip));

            Hacker.BlacklistKeyAsync(key, TimeSpan.FromMinutes(5)).Run();

            Assert.AreEqual(
                Hacker.Result.KeyBlocked,
                Hacker.DefendAsync(key, ip).Run(),
                string.Format("Block traffic on {0} from {1}", key, ip));

            Assert.AreEqual(
                Hacker.Result.KeyBlocked,
                Hacker.DefendAsync(key, GetRandomIP()).Run(),
                string.Format("Allow any traffic from {1}", key, ip));

            Hacker.WhitelistKeyAsync(key).Run();

            Assert.AreEqual(
                Hacker.Result.Allowed,
                Hacker.DefendAsync(key, ip).Run(),
                string.Format("Allow traffic on {0} from {1} after whitelist", key, ip));
        }
Exemplo n.º 2
0
        public void ClearAllHits()
        {
            Func <string> keyGenerator = () => { return("ClearAllHits" + GetRandomKey()); };
            var           keys         = new List <string>();
            var           random       = new Random((int)DateTime.Now.Ticks);
            var           startTime    = DateTime.Now;

            Parallel.For(0, 10,
                         hit =>
            {
                var key = keyGenerator();
                keys.Add(key);

                var hits = 1 + random.Next(Hacker.Config.MaxHitsPerKey - 1);

                for (var i = 0; i < hits; i++)
                {
                    Assert.AreEqual(
                        Hacker.Result.Allowed,
                        Hacker.DefendAsync(key, GetRandomIP()).Run(),
                        "Request must be allowed for a hit on a key");
                }

                Assert.AreEqual(hits, Hacker.GetHitsForKey(key).Run(),
                                "Number of hits must be " + hits + " for key: " + key);
            });

            Hacker.ClearAllHitsAsync().Run();

            foreach (var key in keys)
            {
                Assert.AreEqual(0, Hacker.GetHitsForKey(key).Run(),
                                "After clearing hits Number of hits must be 0 for key: " + key);
            }
        }
Exemplo n.º 3
0
        public void TestOriginBlaclistingAndWhitelisting()
        {
            var ip  = GetRandomIP();
            var key = GetRandomKey();

            Assert.AreEqual(
                Hacker.Result.Allowed,
                Hacker.DefendAsync(key, ip).Run(),
                string.Format("Allow traffic on {0} from {1}", key, ip));

            Hacker.BlacklistOriginAsync(ip).Run();

            Assert.AreEqual(
                Hacker.Result.OriginBlocked,
                Hacker.DefendAsync(key, ip).Run(),
                string.Format("Block traffic on {0} from {1}", key, ip));

            Assert.AreEqual(
                Hacker.Result.OriginBlocked,
                Hacker.DefendAsync(GetRandomKey(), ip).Run(),
                string.Format("Allow any traffic from {1}", key, ip));

            Hacker.WhitelistOriginAsync(ip).Run();

            Assert.AreEqual(
                Hacker.Result.Allowed,
                Hacker.DefendAsync(key, ip).Run(),
                string.Format("Allow traffic on {0} from {1} after whitelist", key, ip));
        }
Exemplo n.º 4
0
        public void TestKeyCustomHitLimit()
        {
            Hacker.Config.MaxHitsPerKey          = 100;
            Hacker.Config.MaxHitsPerOrigin       = 100;
            Hacker.Config.MaxHitsPerKeyPerOrigin = 100;

            var key       = "InvalidLogin-" + GetRandomKey();
            var ip        = GetRandomIP();
            var interval  = TimeSpan.FromMinutes(1);
            var maxHits   = 10;
            var startTime = DateTime.Now;

            Parallel.For(0, maxHits,
                         hit =>
            {
                Assert.AreEqual(
                    Hacker.Result.Allowed,
                    Hacker.DefendAsync(key, ip,
                                       interval, maxHits,
                                       TimeSpan.MaxValue, long.MaxValue,
                                       TimeSpan.MaxValue, long.MaxValue).Run(),
                    "Allow hits on key for custom interval");
            });

            Assert.AreEqual(
                Hacker.Result.TooManyHitsOnKey,
                Hacker.DefendAsync(key, ip,
                                   interval, maxHits,
                                   TimeSpan.MaxValue, long.MaxValue,
                                   TimeSpan.MaxValue, long.MaxValue).Run(),
                "Must not allow hits on key after custom interval");

            Assert.AreEqual(
                Hacker.Result.Allowed,
                Hacker.DefendAsync("InvalidLogin-" + GetRandomKey(), ip,
                                   interval, maxHits,
                                   TimeSpan.MaxValue, long.MaxValue,
                                   TimeSpan.MaxValue, long.MaxValue).Run(),
                "Allow hits on different key from same IP");

            WaitForIntervalToElapse(interval, startTime);

            Assert.AreEqual(
                Hacker.Result.Allowed,
                Hacker.DefendAsync(key, ip,
                                   interval, maxHits,
                                   TimeSpan.MaxValue, long.MaxValue,
                                   TimeSpan.MaxValue, long.MaxValue).Run(),
                "Allow hits on key for after interval has passed.");
        }
Exemplo n.º 5
0
        public void TestMaxHitsPerOrigin()
        {
            Hacker.Config.MaxHitsPerKey          = 20;
            Hacker.Config.MaxHitsPerOrigin       = 10;
            Hacker.Config.MaxHitsPerKeyPerOrigin = 20;

            var           ip           = GetRandomIP();
            Func <string> keyGenerator = () => { return("TestMaxHitsPerOrigin" + GetRandomKey()); };

            var startTime = DateTime.Now;
            var result    = Parallel.For(0, Hacker.Config.MaxHitsPerOrigin,
                                         hit =>
            {
                Assert.AreEqual(
                    Hacker.Result.Allowed,
                    Hacker.DefendAsync(keyGenerator(), ip).Run()
                    );
            });

            while (!result.IsCompleted)
            {
                Thread.Sleep(100);
            }

            Assert.AreEqual(
                Hacker.Config.MaxHitsPerOrigin,
                Hacker.GetHitsFromOrigin(ip).Run(),
                "Number of hits recorded must match");


            // No more requests from same IP
            Assert.AreEqual(
                Hacker.Result.TooManyHitsFromOrigin,
                Hacker.DefendAsync(keyGenerator(), ip).Run()
                );

            // Allow requests from other IPs
            Assert.AreEqual(
                Hacker.Result.Allowed,
                Hacker.DefendAsync(keyGenerator(), GetRandomIP()).Run());


            WaitForIntervalToElapse(Hacker.Config.MaxHitsPerOriginInterval, startTime);

            Assert.AreEqual(
                Hacker.Result.Allowed,
                Hacker.DefendAsync(keyGenerator(), ip).Run(),
                "Allow hits from same origin after expiration time."
                );
        }
Exemplo n.º 6
0
        //[ValidateAntiForgeryToken]
        public async Task <IActionResult> Login(LoginViewModel model, string returnUrl = null)
        {
            var clientIP = Request.HttpContext.Connection.RemoteIpAddress.MapToIPv4();

            return(await Hacker.DefendAsync <IActionResult>(async (success, fail) =>
            {
                // Don't forget to do this check! We use model.Email for key.
                if (string.IsNullOrWhiteSpace(model.Email) || string.IsNullOrWhiteSpace(model.Password))
                {
                    return await fail(View(model));
                }
                ViewData["ReturnUrl"] = returnUrl;
                if (ModelState.IsValid)
                {
                    // This doesn't count login failures towards account lockout
                    // To enable password failures to trigger account lockout, set lockoutOnFailure: true
                    var result = await _signInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, lockoutOnFailure: false);
                    if (result.Succeeded)
                    {
                        _logger.LogInformation(1, "User logged in.");
                        return await success(RedirectToLocal(returnUrl));
                    }
                    if (result.RequiresTwoFactor)
                    {
                        return await success(RedirectToAction(nameof(SendCode), new { ReturnUrl = returnUrl, RememberMe = model.RememberMe }));
                    }
                    if (result.IsLockedOut)
                    {
                        _logger.LogWarning(2, "User account locked out.");
                        return await fail(View("Lockout"));
                    }
                    else
                    {
                        ModelState.AddModelError(string.Empty, "Invalid login attempt.");
                        return await fail(View(model));
                    }
                }

                // If we got this far, something failed, redisplay form
                return await fail(View(model));
            },
                                                            blocked => {
                _logger.LogWarning("Blocked: " + clientIP + " " + model.Email);
                return new StatusCodeResult((int)HttpStatusCode.Forbidden);
            },
                                                            "ValidLogin:"******"InvalidLogin:" + model.Email, 3, TimeSpan.FromMinutes(15),
                                                            clientIP));
        }
Exemplo n.º 7
0
        public void TestMaxHitsOnKeyPerOrigin()
        {
            Hacker.Config.MaxHitsPerKey          = 20;
            Hacker.Config.MaxHitsPerOrigin       = 20;
            Hacker.Config.MaxHitsPerKeyPerOrigin = 10;

            Func <string> keyGenerator = () => { return("TestMaxHitsOnKeyPerOrigin" + GetRandomKey()); };
            var           key          = keyGenerator();
            var           ip           = GetRandomIP();

            var startTime = DateTime.Now;

            Parallel.For(0, Hacker.Config.MaxHitsPerKeyPerOrigin,
                         hit =>
            {
                Assert.AreEqual(
                    Hacker.Result.Allowed,
                    Hacker.DefendAsync(key, ip).Run(),
                    "Allow hits on same key and IP");
            });

            Assert.AreEqual(
                Hacker.Config.MaxHitsPerKeyPerOrigin,
                Hacker.GetHitsForKey(key).Run(),
                "Number of hits recorded must match");

            // No more requests from same key and IP
            Assert.AreEqual(
                Hacker.Result.TooManyHitsOnKeyFromOrigin,
                Hacker.DefendAsync(key, ip).Run());

            Assert.AreEqual(
                Hacker.Result.Allowed,
                Hacker.DefendAsync(keyGenerator(), ip).Run(),
                "From different key, same IP, allow");

            Assert.AreEqual(
                Hacker.Result.Allowed,
                Hacker.DefendAsync(key, GetRandomIP()).Run(),
                "From different IP, same key, allow");

            WaitForIntervalToElapse(Hacker.Config.MaxHitsPerOriginInterval, startTime);

            Assert.AreEqual(
                Hacker.Result.Allowed,
                Hacker.DefendAsync(key, ip).Run(),
                "Allow hits on same key and IP after expiration");
        }
Exemplo n.º 8
0
        public void TestMaxHitsPerKey()
        {
            Hacker.Config.MaxHitsPerKey          = 10;
            Hacker.Config.MaxHitsPerOrigin       = 20;
            Hacker.Config.MaxHitsPerKeyPerOrigin = 20;

            Func <string> keyGenerator = () => { return("TestMaxHitsPerKey" + GetRandomKey()); };
            var           fixedKey     = keyGenerator();

            var startTime = DateTime.Now;

            Parallel.For(0, Hacker.Config.MaxHitsPerKey,
                         hit =>
            {
                Assert.AreEqual(
                    Hacker.Result.Allowed,
                    Hacker.DefendAsync(fixedKey, GetRandomIP()).Run());
            });

            Assert.AreEqual(
                Hacker.Config.MaxHitsPerKey,
                Hacker.GetHitsForKey(fixedKey).Run(),
                "Number of hits recorded must match");

            Assert.AreEqual(
                Hacker.Result.TooManyHitsOnKey,
                Hacker.DefendAsync(fixedKey, GetRandomIP()).Run());

            var ip = GetRandomIP();

            Assert.AreEqual(
                Hacker.Result.Allowed,
                Hacker.DefendAsync(keyGenerator(), ip).Run(),
                "Allow traffic from aonther key on same IP");

            WaitForIntervalToElapse(Hacker.Config.MaxHitsPerKeyInterval, startTime);

            // Hit from another IP using same key should be allowed
            Assert.AreEqual(
                Hacker.Result.Allowed,
                Hacker.DefendAsync(fixedKey, GetRandomIP()).Run(),
                "After expiration time, key must be unblocked");
        }
Exemplo n.º 9
0
        public async Task <ActionResult> LogOn(string username, string password)
        {
            // This handles load balancers passing the original client IP
            // through this header.
            // WARNING: If you load balancer is not passing original client IP
            // through this header, then you will be blocking your load balancer,
            // causing a total outage. Also ensure this Header cannot be spoofed.
            var originIP = Request.GetClientIp();

            // Don't forget to do this check!
            if (string.IsNullOrWhiteSpace(username) || string.IsNullOrWhiteSpace(password))
            {
                TempData[TempDataConstants.ERROR_MESSAGE] = "Invalid username or password";
                return(View("~/Views/Account/LogOn.cshtml"));
            }

            return(await Hacker.DefendAsync <ActionResult>(async (success, fail) =>
            {
                var user = DataStore.Users.Where(u => u.Username == username &&
                                                 u.Password == password).FirstOrDefault();
                if (user != null)
                {
                    Session[SessionConstants.USER] = user;
                    return await success(RedirectToAction("Index", "Home"));
                }
                else
                {
                    TempData[TempDataConstants.ERROR_MESSAGE] = "Invalid username or password";
                    return await fail(View("~/Views/Account/LogOn.cshtml"));
                }
            },
                                                           blocked => new HttpStatusCodeResult(HttpStatusCode.Forbidden),
                                                           "ValidLogin:"******"InvalidLogin:" + username, MaxInvalidLogin, MaxInvalidLoginInterval,
                                                           originIP
                                                           ));
        }
        // GET api/values/5
        public async Task <IHttpActionResult> Get(int id)
        {
            var originIP = "0.0.0.1";

            var ip = IPAddress.Parse(originIP);

            return(await Hacker.DefendAsync <IHttpActionResult>(
                       async (success, fail) =>
            {
                if (id == 5)
                {
                    return await success(Ok($"sms for id {id}"));
                }
                else
                {
                    return await fail(BadRequest($"bad request for id {id}"));
                }
            },
                       blocked => new ResponseMessageResult(new HttpResponseMessage(HttpStatusCode.Forbidden)),
                       validActionKey : "ValidLogin:"******"InvalidLogin:" + id, maxInvalidAttempt : MaxInvalidLogin, invalidAttemptInterval : MaxInvalidLoginInterval,
                       origin : ip
                       ));
        }
Exemplo n.º 11
0
        public static async Task <Hacker.Result> DefendURL(HttpContext context)
        {
            Hacker.Result result = Hacker.Result.Allowed;
            Stopwatch     watch  = new Stopwatch();

            watch.Start();

            if (!Initialized)
            {
                lock (lockObject)
                {
                    if (!Initialized)
                    {
                        Hacker.Logger = new TraceLogger();
                        Hacker.Logger.LogInformation(ClassName + ' ' + "Initialize");
                        Hacker.Store = new RedisDefenceStore(HackerSprayConfig.Settings.Redis,
                                                             HackerSprayConfig.Settings.Prefix,
                                                             Hacker.Config);
                        Hacker.Logger.LogInformation(ClassName + ' ' + " Initialized");
                        Initialized = true;
                    }
                }
            }

            // This handles load balancers passing the original client IP
            // through this header.
            // WARNING: If your load balancer is not passing original client IP
            // through this header, then you will be blocking your load balancer,
            // causing a total outage. Also ensure this Header cannot be spoofed.
            // Your load balancer should be configured in a way that it does not accept
            // this header from the request, instead it always sets it itself.
            var originIP = context.Request.GetClientIp();

            foreach (var path in HackerSprayConfig.Settings.Paths)
            {
                if ((path.Post && context.Request.HttpMethod == "POST") ||
                    (!path.Post && context.Request.HttpMethod == "GET") &&
                    path.Name == context.Request.Path)
                {
                    Hacker.Logger.LogDebug(ClassName + ' ' + "Path matched: " + context.Request.Path);
                    if (path.Mode == "key")
                    {
                        result = await Hacker.DefendAsync(context.Request.Path, originIP,
                                                          path.Interval, path.MaxAttempts,
                                                          TimeSpan.MaxValue, long.MaxValue,
                                                          TimeSpan.MaxValue, long.MaxValue);

                        if (result == Hacker.Result.TooManyHitsOnKey)
                        {
                            Hacker.Logger.LogInformation(ClassName + ' ' + "TooManyHitsOnKey Blacklist Path: " + context.Request.Path);
                            await Hacker.BlacklistKeyAsync(path.Name, path.Interval);
                        }
                    }
                    else if (path.Mode == "origin")
                    {
                        result = await Hacker.DefendAsync(context.Request.Path, originIP,
                                                          TimeSpan.MaxValue, long.MaxValue,
                                                          path.Interval, path.MaxAttempts,
                                                          TimeSpan.MaxValue, long.MaxValue);

                        if (result == Hacker.Result.TooManyHitsFromOrigin)
                        {
                            Hacker.Logger.LogInformation(ClassName + ' ' + "TooManyHitsFromOrigin Blacklist origin: " + originIP);
                            await Hacker.BlacklistOriginAsync(originIP, path.Interval);
                        }
                    }
                    else //(path.Mode == "key+origin")
                    {
                        result = await Hacker.DefendAsync(context.Request.Path, originIP,
                                                          TimeSpan.MaxValue, long.MaxValue,
                                                          TimeSpan.MaxValue, long.MaxValue,
                                                          path.Interval, path.MaxAttempts);
                    }

                    break;
                }
            }

            watch.Stop();
            Hacker.Logger.LogDebug(ClassName + ' ' + "DefendURL: " + context.Request.Path + " " + watch.ElapsedMilliseconds);
            return(result);
        }
Exemplo n.º 12
0
        public async Task Invoke(HttpContext context)
        {
            var       path  = context.Request.Path;
            Stopwatch watch = new Stopwatch();

            watch.Start();

            if (path.HasValue)
            {
                Debug("Defend Begin: " + path);

                // This handles load balancers passing the original client IP
                // through this header.
                // WARNING: If your load balancer is not passing original client IP
                // through this header, then you will be blocking your load balancer,
                // causing a total outage. Also ensure this Header cannot be spoofed.
                // Your load balancer should be configured in a way that it does not accept
                // this header from the request, instead it always sets it itself.
                var originIP = context.Connection.RemoteIpAddress;
                //if (context.Request.Headers.ContainsKey(XForwardedForHeader))
                //    originIP = IPAddress.Parse(context.Request.Headers[XForwardedForHeader]).MapToIPv4();

                var result = Hacker.Result.Allowed;
                foreach (var key in _keys)
                {
                    if (key.Method == context.Request.Method && key.Key == path)
                    {
                        Debug("Defend: " + path);
                        if (key.Mode == HackerSprayOptionKey.HitCountMode.PerKey)
                        {
                            result = await Hacker.DefendAsync(path, originIP,
                                                              key.Interval, key.MaxAttempts,
                                                              TimeSpan.MaxValue, long.MaxValue,
                                                              TimeSpan.MaxValue, long.MaxValue);

                            if (result == Hacker.Result.TooManyHitsOnKey)
                            {
                                await Hacker.BlacklistKeyAsync(path, key.Interval);
                            }
                        }
                        else if (key.Mode == HackerSprayOptionKey.HitCountMode.PerOrigin)
                        {
                            result = await Hacker.DefendAsync(path, originIP,
                                                              TimeSpan.MaxValue, long.MaxValue,
                                                              key.Interval, key.MaxAttempts,
                                                              TimeSpan.MaxValue, long.MaxValue);

                            if (result == Hacker.Result.TooManyHitsFromOrigin)
                            {
                                await Hacker.BlacklistOriginAsync(originIP, key.Interval);
                            }
                        }
                        else //(key.Item5 == Mode.PerKeyOrigin)
                        {
                            result = await Hacker.DefendAsync(path, originIP,
                                                              TimeSpan.MaxValue, long.MaxValue,
                                                              TimeSpan.MaxValue, long.MaxValue,
                                                              key.Interval, key.MaxAttempts);
                        }

                        Debug("Defend Result: " + Enum.GetName(typeof(Hacker.Result), result));
                        break;
                    }
                }

                watch.Stop();
                Debug("Defend End: " + path + " " + watch.ElapsedMilliseconds);

                if (result == Hacker.Result.Allowed)
                {
                    await _next.Invoke(context);
                }
                else
                {
                    Info("Blocked: " + path);

                    context.Response.StatusCode = (int)HttpStatusCode.NotAcceptable;
                    await context.Response.WriteAsync(Enum.GetName(typeof(Hacker.Result), result));
                }

                //watch.Stop();
                //Debug("Finished: " + path + " " + watch.ElapsedMilliseconds);
            }
            else
            {
                await _next.Invoke(context);
            }
        }
Exemplo n.º 13
0
        public void TestAllowed()
        {
            var result = Hacker.DefendAsync("TestAllowed" + GetRandomKey(), GetRandomIP()).Run();

            Assert.AreEqual(Hacker.Result.Allowed, result);
        }
Exemplo n.º 14
0
        public void TestOriginRangeBlocking()
        {
            Hacker.ClearBlacklistsAsync().Run();
            Hacker.ClearAllHitsAsync().Run();

            var ipsInRange = new[] {
                IPAddress.Parse("10.10.10.10"),
                IPAddress.Parse("10.10.10.11"),
                IPAddress.Parse("10.10.254.254"),
                IPAddress.Parse("10.11.10.9"),
                IPAddress.Parse("10.11.10.10"),
                IPAddress.Parse("9.1.1.1"),
                IPAddress.Parse("9.1.1.10"),
                IPAddress.Parse("9.10.10.9"),
                IPAddress.Parse("10.11.10.12"),
                IPAddress.Parse("127.254.254.254"),
                IPAddress.Parse("100.100.100.100"),
                IPAddress.Parse("128.10.10.12"),
                IPAddress.Parse("128.10.10.254"),
                IPAddress.Parse("128.10.10.128"),
            };

            var ipsOutofRange = new[] {
                IPAddress.Parse("10.10.10.9"),
                IPAddress.Parse("9.10.10.10"),
                IPAddress.Parse("10.11.10.11"),
                IPAddress.Parse("128.10.10.11"),
                IPAddress.Parse("200.200.200.200"),
                IPAddress.Parse("1.1.1.1"),
                IPAddress.Parse("10.0.0.0")
            };

            Hacker.BlacklistOriginAsync(IPAddress.Parse("10.10.10.10"), IPAddress.Parse("10.11.10.10")).Run();
            Hacker.BlacklistOriginAsync(IPAddress.Parse("9.1.1.1"), IPAddress.Parse("9.10.10.9")).Run();
            Hacker.BlacklistOriginAsync(IPAddress.Parse("10.11.10.12"), IPAddress.Parse("127.254.254.254")).Run();
            Hacker.BlacklistOriginAsync(IPAddress.Parse("128.10.10.12"), IPAddress.Parse("128.10.10.254")).Run();

            Array.ForEach(ipsInRange, ip =>
                          Assert.AreEqual(Hacker.Result.OriginBlocked,
                                          Hacker.DefendAsync("TestOriginRangeBlocking", ip).Run(),
                                          ip.ToString() + " must be blocked."));

            Hacker.ClearAllHitsAsync().Run();

            Array.ForEach(ipsOutofRange, ip =>
                          Assert.AreEqual(Hacker.Result.Allowed,
                                          Hacker.DefendAsync("TestOriginRangeBlocking", ip).Run(),
                                          ip.ToString() + " must be allowed"));

            Hacker.WhitelistOriginAsync(IPAddress.Parse("9.1.1.1"), IPAddress.Parse("9.10.10.9")).Run();

            Array.ForEach(new[]
            {
                IPAddress.Parse("9.1.1.1"),
                IPAddress.Parse("9.1.1.10"),
                IPAddress.Parse("9.10.10.9")
            },
                          ip =>
                          Assert.AreEqual(Hacker.Result.Allowed,
                                          Hacker.DefendAsync("TestOriginRangeBlocking", ip).Run(),
                                          ip.ToString() + " must be allowed"));

            Hacker.ClearBlacklistsAsync().Run();
            Hacker.ClearAllHitsAsync().Run();

            Array.ForEach(ipsInRange, ip =>
                          Assert.AreEqual(Hacker.Result.Allowed,
                                          Hacker.DefendAsync("TestOriginRangeBlocking", ip).Run(),
                                          ip.ToString() + " must be allowed when there's no blacklisting."));

            Hacker.ClearAllHitsAsync().Run();

            Array.ForEach(ipsOutofRange, ip =>
                          Assert.AreEqual(Hacker.Result.Allowed,
                                          Hacker.DefendAsync("TestOriginRangeBlocking", ip).Run(),
                                          ip.ToString() + " must be allowed when there's no blacklisting"));
        }