private static Boolean performLookup(HttpContext current) { //GateKeeperModule.log.Debug("Beginning lookup"); // start the clock DateTime _start = DateTime.Now; // Use test IP if configured string ip = (!string.IsNullOrEmpty(GateKeeperModule.config.ProxyBLTestIPAddress)) ? GateKeeperModule.config.ProxyBLTestIPAddress : current.Request.UserHostAddress; string query = string.Format("{0}.{1}", GateKeeperModule.flipIPAddress(ip), "dnsbl.proxybl.org"); // perform the lookup string lookup = GateKeeperModule.DnsLookup(query, GateKeeperModule.config.ProxyBLTimeout); // stop the clock TimeSpan executiontime = DateTime.Now.Subtract(_start); //GateKeeperModule.log.DebugFormat("Lookup completion time in ms [{0}]", executiontime.Milliseconds.ToString()); // check if we recieved something back if (string.IsNullOrEmpty(lookup)) { //GateKeeperModule.log.Debug("Lookup returned no matching domain"); return(false); } //GateKeeperModule.log.Debug("Requestor IP address found in lookup"); if (GateKeeperModule.config.EnableProxyBLLogging) { AddProxy(current); } if (!GateKeeperModule.config.DenyProxyBLSuspect) { //GateKeeperModule.log.Debug("Skipping deny as per config settings"); return(false); } // Deny access to suspected spammer return(true); }
private static Boolean performLookup(HttpContext current) { //GateKeeperModule.log.Debug("Beginning lookup"); // start the clock DateTime _start = DateTime.Now; // Use test IP if configured string ip = (!string.IsNullOrEmpty(GateKeeperModule.config.HttpBLTestIPAddress)) ? GateKeeperModule.config.HttpBLTestIPAddress : current.Request.UserHostAddress; string query = string.Format("{0}.{1}.{2}", GateKeeperModule.config.HttpBLKeyCode, GateKeeperModule.flipIPAddress(ip), "dnsbl.httpbl.org"); // perform the lookup string lookup = GateKeeperModule.DnsLookup(query, GateKeeperModule.config.HttpBLTimeout); // stop the clock TimeSpan executiontime = DateTime.Now.Subtract(_start); //GateKeeperModule.log.DebugFormat("Lookup completion time in ms [{0}]", executiontime.Milliseconds.ToString()); // check if we recieved something back if (string.IsNullOrEmpty(lookup)) { //GateKeeperModule.log.Debug("Lookup returned no matching domain"); return(false); } // Split out response Regex parse = new Regex("(?<status>\\d+)\\.(?<days>\\d+)\\.(?<threat>\\d+)\\.(?<type>\\d+)", RegexOptions.Compiled); Match match = parse.Match(lookup); // Match found, load the lookup values int lastactivity = int.Parse(match.Groups["days"].Value); int threatscore = int.Parse(match.Groups["threat"].Value); int visitortype = int.Parse(match.Groups["type"].Value); // See if threatscore is greater than threshold set by user if (threatscore >= GateKeeperModule.config.ThreatScoreThreshold) { //GateKeeperModule.log.Debug("Requestor IP address equal to or above threatscore threshold"); if (GateKeeperModule.config.EnableHttpBLLogging) { AddHttp(current, threatscore, visitortype, lastactivity); } // Check if only check and no deny if (!GateKeeperModule.config.DenyHttpBLSuspect) { //GateKeeperModule.log.Debug("Skipping deny as per config settings"); return(false); } // Deny access to suspected spammer return(true); } else { //GateKeeperModule.log.Debug("Requestor IP address below threatscore threshold"); return(false); } }