/// <summary>
/// Event handler for BeginRequest.
/// </summary>
/// <param name="sender">Sender object instance.</param>
/// <param name="e">Event arguments.</param>
void Context_BeginRequest(object sender, EventArgs e)
{
if (InstallerHelper.ConnectionStringIsSet())
{
try
{
if (HttpContext.Current != null && !HttpContext.Current.Request.Url.IsLoopback)
{
HttpApplication application = sender as HttpApplication;
BannedIpAddress clientIP = new BannedIpAddress();
clientIP.Address = application.Request.UserHostAddress;
// On any unexpected error we let visitor to visit website
if (IpBlacklistManager.IsIpAddressBanned(clientIP))
{
// Blocking process
// for now just show error 404 - Forbidden
// later let the user know that his ip address/network
// was banned and a reason why... this means we need an error page (aspx)
application.Response.StatusCode = 403;
application.Server.Transfer("~/BannedAddress.htm");
application.Response.StatusDescription = "Access is denied";
application.Response.End();
}
}
}
catch (Exception exc)
{
}
}
}
/// <summary>
/// Saves a BannedIpAddress
/// </summary>
/// <returns>BannedIpAddress</returns>
public BannedIpAddress SaveBannedIpAddressInfo()
{
DateTime nowDT = DateTime.UtcNow;
BannedIpAddress ipAddress = this.BlacklistService.GetBannedIpAddressById(this.BannedIpAddressId);
// Check if the IP is valid
if (!this.BlacklistService.IsValidIp(txtBannedIP.Text.Trim()))
throw new NopException("The following isn't a valid IP address: " + txtBannedIP.Text);
//if ip address is not null update
if (ipAddress != null)
{
ipAddress.Address = txtBannedIP.Text;
ipAddress.Comment = txtComment.Text;
ipAddress.UpdatedOn = nowDT;
this.BlacklistService.UpdateBannedIpAddress(ipAddress);
}
else //insert
{
ipAddress = new BannedIpAddress()
{
Address = txtBannedIP.Text,
Comment = txtComment.Text,
CreatedOn = nowDT,
UpdatedOn = nowDT
};
this.BlacklistService.InsertBannedIpAddress(ipAddress);
}
return ipAddress;
}
/// <summary>
/// Updates an IP address
/// </summary>
/// <param name="ipAddress">IP address</param>
/// <returns>IP address</returns>
public void UpdateBannedIpAddress(BannedIpAddress ipAddress)
{
if (ipAddress == null)
{
throw new ArgumentNullException("ipAddress");
}
ipAddress.Address = CommonHelper.EnsureNotNull(ipAddress.Address);
ipAddress.Address = ipAddress.Address.Trim();
ipAddress.Address = CommonHelper.EnsureMaximumLength(ipAddress.Address, 50);
ipAddress.Comment = CommonHelper.EnsureNotNull(ipAddress.Comment);
ipAddress.Comment = CommonHelper.EnsureMaximumLength(ipAddress.Comment, 500);
if (!_context.IsAttached(ipAddress))
{
_context.BannedIpAddresses.Attach(ipAddress);
}
_context.SaveChanges();
if (this.CacheEnabled)
{
_cacheManager.RemoveByPattern(BLACKLIST_IP_PATTERN_KEY);
}
}
/// <summary>
/// Checks if an IP from the IpAddressCollection or the IpNetworkCollection is banned
/// </summary>
/// <param name="ipAddress">IP address</param>
/// <returns>False or true</returns>
public static bool IsIpAddressBanned(BannedIpAddress ipAddress)
{
// Check if the IP is valid
if (!IsValidIp(ipAddress.Address.Trim()))
{
throw new NopException("The following isn't a valid IP address: " + ipAddress.Address);
}
// Check if the IP is in the banned IP addresses
var ipAddressCollection = GetBannedIpAddressAll();
//if (ipAddressCollection.Contains(ipAddress))
foreach (var ip in ipAddressCollection)
{
if (IsEqual(ipAddress.Address, ip.Address))
{
return(true);
}
}
// Check if the IP is in the banned IP networks
var ipNetworkCollection = GetBannedIpNetworkAll();
foreach (var ipNetwork in ipNetworkCollection)
{
// Get the first and last IPs in the network
string[] rangeItem = ipNetwork.ToString().Split("-".ToCharArray());
// Get the exceptions as a list
var exceptionItem = new List <string>();
exceptionItem.AddRange(ipNetwork.IpException.ToString().Split(";".ToCharArray()));
// Check if the IP is an exception
if (exceptionItem.Contains(ipAddress.Address.ToString()))
{
return(false);
}
// Check if the 1st IP is valid
if (!IsValidIp(rangeItem[0].Trim()))
{
throw new NopException("The following isn't a valid IP address: " + rangeItem[0]);
}
// Check if the 2nd IP is valid
if (!IsValidIp(rangeItem[1].Trim()))
{
throw new NopException("The following isn't a valid IP address: " + rangeItem[1]);
}
//Check if the IP is in the given range
if (IsGreaterOrEqual(ipAddress.Address.ToString(), rangeItem[0].Trim()) &&
IsLessOrEqual(ipAddress.Address.ToString(), rangeItem[1].Trim()))
{
return(true);
}
}
// Return false otherwise
return(false);
}
/// <summary>
/// Gets an IP address by its ID
/// </summary>
/// <param name="ipAddressID">IP Address unique identifier</param>
/// <returns>An IP address</returns>
public static BannedIpAddress GetBannedIpAddressById(int ipAddressID)
{
if (ipAddressID == 0)
{
return(null);
}
DBBannedIpAddress dbItem = DBProviderManager <DBBlacklistProvider> .Provider.GetIpAddressByID(ipAddressID);
BannedIpAddress ipAddress = DBMapping(dbItem);
return(ipAddress);
}
/// <summary>
/// Updates an IP address
/// </summary>
/// <param name="ipAddressID">IP address unique identifier</param>
/// <param name="address">IP address</param>
/// <param name="comment">Reason why the IP was banned</param>
/// <param name="createdOn">When the record was inserted</param>
/// <param name="updatedOn">When the record was last updated</param>
/// <returns>IP address</returns>
public static BannedIpAddress UpdateBannedIpAddress(int ipAddressID, string address, string comment, DateTime createdOn, DateTime updatedOn)
{
createdOn = DateTimeHelper.ConvertToUtcTime(createdOn);
updatedOn = DateTimeHelper.ConvertToUtcTime(updatedOn);
DBBannedIpAddress dbItem = DBProviderManager <DBBlacklistProvider> .Provider.UpdateBannedIpAddress(ipAddressID, address, comment, createdOn, updatedOn);
BannedIpAddress ipAddress = DBMapping(dbItem);
if (IpBlacklistManager.CacheEnabled)
{
NopCache.RemoveByPattern(BLACKLIST_IP_PATTERN_KEY);
}
return(ipAddress);
}
private static BannedIpAddress DBMapping(DBBannedIpAddress dbItem)
{
if (dbItem == null)
{
return(null);
}
var ipAddress = new BannedIpAddress();
ipAddress.BannedIpAddressId = dbItem.BannedIpAddressId;
ipAddress.Address = dbItem.Address;
ipAddress.Comment = dbItem.Comment;
ipAddress.CreatedOn = dbItem.CreatedOn;
ipAddress.UpdatedOn = dbItem.UpdatedOn;
return(ipAddress);
}
private static BannedIpAddressCollection DBMapping(DBBannedIpAddressCollection dbCollection)
{
if (dbCollection == null)
{
return(null);
}
BannedIpAddressCollection ipCollection = new BannedIpAddressCollection();
foreach (DBBannedIpAddress dbItem in dbCollection)
{
BannedIpAddress item = DBMapping(dbItem);
ipCollection.Add(item);
}
return(ipCollection);
}
/// <summary>
/// Event handler for BeginRequest.
/// </summary>
/// <param name="sender">Sender object instance.</param>
/// <param name="e">Event arguments.</param>
private void Context_BeginRequest(object sender, EventArgs e)
{
if (InstallerHelper.ConnectionStringIsSet())
{
try
{
//exit if a request for a .net mapping that isn't a content page is made i.e. axd
if (!CommonHelper.IsContentPageRequested())
{
return;
}
//exit if a request for a .net mapping that isn't a content page is made i.e. axd
if (!CommonHelper.IsContentPageRequested())
{
return;
}
if (HttpContext.Current != null && !HttpContext.Current.Request.Url.IsLoopback)
{
HttpApplication application = sender as HttpApplication;
var clientIp = new BannedIpAddress();
clientIp.Address = application.Request.UserHostAddress;
// On any unexpected error we let visitor to visit website
if (IoC.Resolve <IBlacklistService>().IsIpAddressBanned(clientIp))
{
// Blocking process
// for now just show error 404 - Forbidden
// later let the user know that his ip address/network
// was banned and a reason why... this means we need an error page (aspx)
application.Response.StatusCode = 403;
application.Server.Transfer("~/BannedAddress.htm");
application.Response.StatusDescription = "Access is denied";
application.Response.End();
}
}
}
catch (Exception)
{
}
}
}
/// <summary>
/// Event handler for BeginRequest.
/// </summary>
/// <param name="sender">Sender object instance.</param>
/// <param name="e">Event arguments.</param>
private void Context_BeginRequest(object sender, EventArgs e)
{
if (InstallerHelper.ConnectionStringIsSet())
{
try
{
//exit if a request for a .net mapping that isn't a content page is made i.e. axd
if (!CommonHelper.IsContentPageRequested())
return;
//exit if a request for a .net mapping that isn't a content page is made i.e. axd
if (!CommonHelper.IsContentPageRequested())
return;
if (HttpContext.Current != null && !HttpContext.Current.Request.Url.IsLoopback)
{
HttpApplication application = sender as HttpApplication;
var clientIp = new BannedIpAddress();
clientIp.Address = application.Request.UserHostAddress;
// On any unexpected error we let visitor to visit website
if (IoC.Resolve<IBlacklistService>().IsIpAddressBanned(clientIp))
{
// Blocking process
// for now just show error 404 - Forbidden
// later let the user know that his ip address/network
// was banned and a reason why... this means we need an error page (aspx)
application.Response.StatusCode = 403;
application.Server.Transfer("~/BannedAddress.htm");
application.Response.StatusDescription = "Access is denied";
application.Response.End();
}
}
}
catch (Exception)
{
}
}
}
protected void BtnBanByCustomerIP_OnClick(object sender, EventArgs e)
{
Order order = OrderManager.GetOrderById(this.OrderId);
if(order != null && !String.IsNullOrEmpty(order.CustomerIP))
{
BannedIpAddress banItem = new BannedIpAddress();
banItem.Address = order.CustomerIP;
if(!IpBlacklistManager.IsIpAddressBanned(banItem))
{
IpBlacklistManager.InsertBannedIpAddress(order.CustomerIP, String.Empty, DateTime.UtcNow, DateTime.UtcNow);
}
}
}
protected void BtnBanByCustomerIP_OnClick(object sender, EventArgs e)
{
Order order = this.OrderService.GetOrderById(this.OrderId);
if(order != null && !String.IsNullOrEmpty(order.CustomerIP))
{
BannedIpAddress banItem = new BannedIpAddress();
banItem.Address = order.CustomerIP;
if(!this.BlacklistService.IsIpAddressBanned(banItem))
{
this.BlacklistService.InsertBannedIpAddress(
new BannedIpAddress()
{
Address = order.CustomerIP,
Comment = String.Empty,
CreatedOn = DateTime.UtcNow,
UpdatedOn = DateTime.UtcNow
});
}
}
}
/// <summary>
/// Checks if an IP from the IpAddressCollection or the IpNetworkCollection is banned
/// </summary>
/// <param name="ipAddress">IP address</param>
/// <returns>False or true</returns>
public static bool IsIpAddressBanned(BannedIpAddress ipAddress)
{
// Check if the IP is valid
if (!IsValidIp(ipAddress.Address.Trim()))
throw new NopException("The following isn't a valid IP address: " + ipAddress.Address);
// Check if the IP is in the banned IP addresses
var ipAddressCollection = GetBannedIpAddressAll();
//if (ipAddressCollection.Contains(ipAddress))
foreach (var ip in ipAddressCollection)
if (IsEqual(ipAddress.Address, ip.Address))
return true;
// Check if the IP is in the banned IP networks
var ipNetworkCollection = GetBannedIpNetworkAll();
foreach (var ipNetwork in ipNetworkCollection)
{
// Get the first and last IPs in the network
string[] rangeItem = ipNetwork.ToString().Split("-".ToCharArray());
// Get the exceptions as a list
var exceptionItem = new List<string>();
exceptionItem.AddRange(ipNetwork.IpException.ToString().Split(";".ToCharArray()));
// Check if the IP is an exception
if(exceptionItem.Contains(ipAddress.Address.ToString()))
return false;
// Check if the 1st IP is valid
if (!IsValidIp(rangeItem[0].Trim()))
throw new NopException("The following isn't a valid IP address: " + rangeItem[0]);
// Check if the 2nd IP is valid
if (!IsValidIp(rangeItem[1].Trim()))
throw new NopException("The following isn't a valid IP address: " + rangeItem[1]);
//Check if the IP is in the given range
if (IsGreaterOrEqual(ipAddress.Address.ToString(), rangeItem[0].Trim())
&& IsLessOrEqual(ipAddress.Address.ToString(), rangeItem[1].Trim()))
return true;
}
// Return false otherwise
return false;
}
