private static Boolean performLookup(HttpContext current)
{
//GateKeeperModule.log.Debug("Beginning lookup");
// start the clock
DateTime _start = DateTime.Now;
// Use test IP if configured
string ip = (!string.IsNullOrEmpty(GateKeeperModule.config.ProxyBLTestIPAddress)) ? GateKeeperModule.config.ProxyBLTestIPAddress : current.Request.UserHostAddress;
string query = string.Format("{0}.{1}", GateKeeperModule.flipIPAddress(ip), "dnsbl.proxybl.org");
// perform the lookup
string lookup = GateKeeperModule.DnsLookup(query, GateKeeperModule.config.ProxyBLTimeout);
// stop the clock
TimeSpan executiontime = DateTime.Now.Subtract(_start);
//GateKeeperModule.log.DebugFormat("Lookup completion time in ms [{0}]", executiontime.Milliseconds.ToString());
// check if we recieved something back
if (string.IsNullOrEmpty(lookup))
{
//GateKeeperModule.log.Debug("Lookup returned no matching domain");
return(false);
}
//GateKeeperModule.log.Debug("Requestor IP address found in lookup");
if (GateKeeperModule.config.EnableProxyBLLogging)
{
AddProxy(current);
}
if (!GateKeeperModule.config.DenyProxyBLSuspect)
{
//GateKeeperModule.log.Debug("Skipping deny as per config settings");
return(false);
}
// Deny access to suspected spammer
return(true);
}
private static Boolean performLookup(HttpContext current)
{
//GateKeeperModule.log.Debug("Beginning lookup");
// start the clock
DateTime _start = DateTime.Now;
// Use test IP if configured
string ip = (!string.IsNullOrEmpty(GateKeeperModule.config.HttpBLTestIPAddress)) ? GateKeeperModule.config.HttpBLTestIPAddress : current.Request.UserHostAddress;
string query = string.Format("{0}.{1}.{2}", GateKeeperModule.config.HttpBLKeyCode, GateKeeperModule.flipIPAddress(ip), "dnsbl.httpbl.org");
// perform the lookup
string lookup = GateKeeperModule.DnsLookup(query, GateKeeperModule.config.HttpBLTimeout);
// stop the clock
TimeSpan executiontime = DateTime.Now.Subtract(_start);
//GateKeeperModule.log.DebugFormat("Lookup completion time in ms [{0}]", executiontime.Milliseconds.ToString());
// check if we recieved something back
if (string.IsNullOrEmpty(lookup))
{
//GateKeeperModule.log.Debug("Lookup returned no matching domain");
return(false);
}
// Split out response
Regex parse = new Regex("(?<status>\\d+)\\.(?<days>\\d+)\\.(?<threat>\\d+)\\.(?<type>\\d+)", RegexOptions.Compiled);
Match match = parse.Match(lookup);
// Match found, load the lookup values
int lastactivity = int.Parse(match.Groups["days"].Value);
int threatscore = int.Parse(match.Groups["threat"].Value);
int visitortype = int.Parse(match.Groups["type"].Value);
// See if threatscore is greater than threshold set by user
if (threatscore >= GateKeeperModule.config.ThreatScoreThreshold)
{
//GateKeeperModule.log.Debug("Requestor IP address equal to or above threatscore threshold");
if (GateKeeperModule.config.EnableHttpBLLogging)
{
AddHttp(current, threatscore, visitortype, lastactivity);
}
// Check if only check and no deny
if (!GateKeeperModule.config.DenyHttpBLSuspect)
{
//GateKeeperModule.log.Debug("Skipping deny as per config settings");
return(false);
}
// Deny access to suspected spammer
return(true);
}
else
{
//GateKeeperModule.log.Debug("Requestor IP address below threatscore threshold");
return(false);
}
}
