/// <summary> /// Event handler for BeginRequest. /// </summary> /// <param name="sender">Sender object instance.</param> /// <param name="e">Event arguments.</param> void Context_BeginRequest(object sender, EventArgs e) { if (InstallerHelper.ConnectionStringIsSet()) { try { if (HttpContext.Current != null && !HttpContext.Current.Request.Url.IsLoopback) { HttpApplication application = sender as HttpApplication; BannedIpAddress clientIP = new BannedIpAddress(); clientIP.Address = application.Request.UserHostAddress; // On any unexpected error we let visitor to visit website if (IpBlacklistManager.IsIpAddressBanned(clientIP)) { // Blocking process // for now just show error 404 - Forbidden // later let the user know that his ip address/network // was banned and a reason why... this means we need an error page (aspx) application.Response.StatusCode = 403; application.Server.Transfer("~/BannedAddress.htm"); application.Response.StatusDescription = "Access is denied"; application.Response.End(); } } } catch (Exception exc) { } } }
/// <summary> /// Saves a BannedIpAddress /// </summary> /// <returns>BannedIpAddress</returns> public BannedIpAddress SaveBannedIpAddressInfo() { DateTime nowDT = DateTime.UtcNow; BannedIpAddress ipAddress = this.BlacklistService.GetBannedIpAddressById(this.BannedIpAddressId); // Check if the IP is valid if (!this.BlacklistService.IsValidIp(txtBannedIP.Text.Trim())) throw new NopException("The following isn't a valid IP address: " + txtBannedIP.Text); //if ip address is not null update if (ipAddress != null) { ipAddress.Address = txtBannedIP.Text; ipAddress.Comment = txtComment.Text; ipAddress.UpdatedOn = nowDT; this.BlacklistService.UpdateBannedIpAddress(ipAddress); } else //insert { ipAddress = new BannedIpAddress() { Address = txtBannedIP.Text, Comment = txtComment.Text, CreatedOn = nowDT, UpdatedOn = nowDT }; this.BlacklistService.InsertBannedIpAddress(ipAddress); } return ipAddress; }
/// <summary> /// Updates an IP address /// </summary> /// <param name="ipAddress">IP address</param> /// <returns>IP address</returns> public void UpdateBannedIpAddress(BannedIpAddress ipAddress) { if (ipAddress == null) { throw new ArgumentNullException("ipAddress"); } ipAddress.Address = CommonHelper.EnsureNotNull(ipAddress.Address); ipAddress.Address = ipAddress.Address.Trim(); ipAddress.Address = CommonHelper.EnsureMaximumLength(ipAddress.Address, 50); ipAddress.Comment = CommonHelper.EnsureNotNull(ipAddress.Comment); ipAddress.Comment = CommonHelper.EnsureMaximumLength(ipAddress.Comment, 500); if (!_context.IsAttached(ipAddress)) { _context.BannedIpAddresses.Attach(ipAddress); } _context.SaveChanges(); if (this.CacheEnabled) { _cacheManager.RemoveByPattern(BLACKLIST_IP_PATTERN_KEY); } }
/// <summary> /// Checks if an IP from the IpAddressCollection or the IpNetworkCollection is banned /// </summary> /// <param name="ipAddress">IP address</param> /// <returns>False or true</returns> public static bool IsIpAddressBanned(BannedIpAddress ipAddress) { // Check if the IP is valid if (!IsValidIp(ipAddress.Address.Trim())) { throw new NopException("The following isn't a valid IP address: " + ipAddress.Address); } // Check if the IP is in the banned IP addresses var ipAddressCollection = GetBannedIpAddressAll(); //if (ipAddressCollection.Contains(ipAddress)) foreach (var ip in ipAddressCollection) { if (IsEqual(ipAddress.Address, ip.Address)) { return(true); } } // Check if the IP is in the banned IP networks var ipNetworkCollection = GetBannedIpNetworkAll(); foreach (var ipNetwork in ipNetworkCollection) { // Get the first and last IPs in the network string[] rangeItem = ipNetwork.ToString().Split("-".ToCharArray()); // Get the exceptions as a list var exceptionItem = new List <string>(); exceptionItem.AddRange(ipNetwork.IpException.ToString().Split(";".ToCharArray())); // Check if the IP is an exception if (exceptionItem.Contains(ipAddress.Address.ToString())) { return(false); } // Check if the 1st IP is valid if (!IsValidIp(rangeItem[0].Trim())) { throw new NopException("The following isn't a valid IP address: " + rangeItem[0]); } // Check if the 2nd IP is valid if (!IsValidIp(rangeItem[1].Trim())) { throw new NopException("The following isn't a valid IP address: " + rangeItem[1]); } //Check if the IP is in the given range if (IsGreaterOrEqual(ipAddress.Address.ToString(), rangeItem[0].Trim()) && IsLessOrEqual(ipAddress.Address.ToString(), rangeItem[1].Trim())) { return(true); } } // Return false otherwise return(false); }
/// <summary> /// Gets an IP address by its ID /// </summary> /// <param name="ipAddressID">IP Address unique identifier</param> /// <returns>An IP address</returns> public static BannedIpAddress GetBannedIpAddressById(int ipAddressID) { if (ipAddressID == 0) { return(null); } DBBannedIpAddress dbItem = DBProviderManager <DBBlacklistProvider> .Provider.GetIpAddressByID(ipAddressID); BannedIpAddress ipAddress = DBMapping(dbItem); return(ipAddress); }
/// <summary> /// Updates an IP address /// </summary> /// <param name="ipAddressID">IP address unique identifier</param> /// <param name="address">IP address</param> /// <param name="comment">Reason why the IP was banned</param> /// <param name="createdOn">When the record was inserted</param> /// <param name="updatedOn">When the record was last updated</param> /// <returns>IP address</returns> public static BannedIpAddress UpdateBannedIpAddress(int ipAddressID, string address, string comment, DateTime createdOn, DateTime updatedOn) { createdOn = DateTimeHelper.ConvertToUtcTime(createdOn); updatedOn = DateTimeHelper.ConvertToUtcTime(updatedOn); DBBannedIpAddress dbItem = DBProviderManager <DBBlacklistProvider> .Provider.UpdateBannedIpAddress(ipAddressID, address, comment, createdOn, updatedOn); BannedIpAddress ipAddress = DBMapping(dbItem); if (IpBlacklistManager.CacheEnabled) { NopCache.RemoveByPattern(BLACKLIST_IP_PATTERN_KEY); } return(ipAddress); }
private static BannedIpAddress DBMapping(DBBannedIpAddress dbItem) { if (dbItem == null) { return(null); } var ipAddress = new BannedIpAddress(); ipAddress.BannedIpAddressId = dbItem.BannedIpAddressId; ipAddress.Address = dbItem.Address; ipAddress.Comment = dbItem.Comment; ipAddress.CreatedOn = dbItem.CreatedOn; ipAddress.UpdatedOn = dbItem.UpdatedOn; return(ipAddress); }
private static BannedIpAddressCollection DBMapping(DBBannedIpAddressCollection dbCollection) { if (dbCollection == null) { return(null); } BannedIpAddressCollection ipCollection = new BannedIpAddressCollection(); foreach (DBBannedIpAddress dbItem in dbCollection) { BannedIpAddress item = DBMapping(dbItem); ipCollection.Add(item); } return(ipCollection); }
/// <summary> /// Event handler for BeginRequest. /// </summary> /// <param name="sender">Sender object instance.</param> /// <param name="e">Event arguments.</param> private void Context_BeginRequest(object sender, EventArgs e) { if (InstallerHelper.ConnectionStringIsSet()) { try { //exit if a request for a .net mapping that isn't a content page is made i.e. axd if (!CommonHelper.IsContentPageRequested()) { return; } //exit if a request for a .net mapping that isn't a content page is made i.e. axd if (!CommonHelper.IsContentPageRequested()) { return; } if (HttpContext.Current != null && !HttpContext.Current.Request.Url.IsLoopback) { HttpApplication application = sender as HttpApplication; var clientIp = new BannedIpAddress(); clientIp.Address = application.Request.UserHostAddress; // On any unexpected error we let visitor to visit website if (IoC.Resolve <IBlacklistService>().IsIpAddressBanned(clientIp)) { // Blocking process // for now just show error 404 - Forbidden // later let the user know that his ip address/network // was banned and a reason why... this means we need an error page (aspx) application.Response.StatusCode = 403; application.Server.Transfer("~/BannedAddress.htm"); application.Response.StatusDescription = "Access is denied"; application.Response.End(); } } } catch (Exception) { } } }
/// <summary> /// Event handler for BeginRequest. /// </summary> /// <param name="sender">Sender object instance.</param> /// <param name="e">Event arguments.</param> private void Context_BeginRequest(object sender, EventArgs e) { if (InstallerHelper.ConnectionStringIsSet()) { try { //exit if a request for a .net mapping that isn't a content page is made i.e. axd if (!CommonHelper.IsContentPageRequested()) return; //exit if a request for a .net mapping that isn't a content page is made i.e. axd if (!CommonHelper.IsContentPageRequested()) return; if (HttpContext.Current != null && !HttpContext.Current.Request.Url.IsLoopback) { HttpApplication application = sender as HttpApplication; var clientIp = new BannedIpAddress(); clientIp.Address = application.Request.UserHostAddress; // On any unexpected error we let visitor to visit website if (IoC.Resolve<IBlacklistService>().IsIpAddressBanned(clientIp)) { // Blocking process // for now just show error 404 - Forbidden // later let the user know that his ip address/network // was banned and a reason why... this means we need an error page (aspx) application.Response.StatusCode = 403; application.Server.Transfer("~/BannedAddress.htm"); application.Response.StatusDescription = "Access is denied"; application.Response.End(); } } } catch (Exception) { } } }
protected void BtnBanByCustomerIP_OnClick(object sender, EventArgs e) { Order order = OrderManager.GetOrderById(this.OrderId); if(order != null && !String.IsNullOrEmpty(order.CustomerIP)) { BannedIpAddress banItem = new BannedIpAddress(); banItem.Address = order.CustomerIP; if(!IpBlacklistManager.IsIpAddressBanned(banItem)) { IpBlacklistManager.InsertBannedIpAddress(order.CustomerIP, String.Empty, DateTime.UtcNow, DateTime.UtcNow); } } }
protected void BtnBanByCustomerIP_OnClick(object sender, EventArgs e) { Order order = this.OrderService.GetOrderById(this.OrderId); if(order != null && !String.IsNullOrEmpty(order.CustomerIP)) { BannedIpAddress banItem = new BannedIpAddress(); banItem.Address = order.CustomerIP; if(!this.BlacklistService.IsIpAddressBanned(banItem)) { this.BlacklistService.InsertBannedIpAddress( new BannedIpAddress() { Address = order.CustomerIP, Comment = String.Empty, CreatedOn = DateTime.UtcNow, UpdatedOn = DateTime.UtcNow }); } } }
/// <summary> /// Checks if an IP from the IpAddressCollection or the IpNetworkCollection is banned /// </summary> /// <param name="ipAddress">IP address</param> /// <returns>False or true</returns> public static bool IsIpAddressBanned(BannedIpAddress ipAddress) { // Check if the IP is valid if (!IsValidIp(ipAddress.Address.Trim())) throw new NopException("The following isn't a valid IP address: " + ipAddress.Address); // Check if the IP is in the banned IP addresses var ipAddressCollection = GetBannedIpAddressAll(); //if (ipAddressCollection.Contains(ipAddress)) foreach (var ip in ipAddressCollection) if (IsEqual(ipAddress.Address, ip.Address)) return true; // Check if the IP is in the banned IP networks var ipNetworkCollection = GetBannedIpNetworkAll(); foreach (var ipNetwork in ipNetworkCollection) { // Get the first and last IPs in the network string[] rangeItem = ipNetwork.ToString().Split("-".ToCharArray()); // Get the exceptions as a list var exceptionItem = new List<string>(); exceptionItem.AddRange(ipNetwork.IpException.ToString().Split(";".ToCharArray())); // Check if the IP is an exception if(exceptionItem.Contains(ipAddress.Address.ToString())) return false; // Check if the 1st IP is valid if (!IsValidIp(rangeItem[0].Trim())) throw new NopException("The following isn't a valid IP address: " + rangeItem[0]); // Check if the 2nd IP is valid if (!IsValidIp(rangeItem[1].Trim())) throw new NopException("The following isn't a valid IP address: " + rangeItem[1]); //Check if the IP is in the given range if (IsGreaterOrEqual(ipAddress.Address.ToString(), rangeItem[0].Trim()) && IsLessOrEqual(ipAddress.Address.ToString(), rangeItem[1].Trim())) return true; } // Return false otherwise return false; }