Can I programmatically add an IP address to Dynamic IP Restrictions extension in IIS7 from my ASP.NET app?

后端 未结 2 626
無奈伤痛
無奈伤痛 2021-02-06 12:15

I\'m creating a forums based site and want to block the members that post spam or abuse. I was thinking about using an HTTPModule to do this but I came across the Dynamic IP Res

相关标签:
2条回答
  • 2021-02-06 12:38

    I was also interested in this.

    At first I was using the UI in IIS7 to blacklist IP addresses.

    enter image description here

    I did take a look at the Rick Strahl link mentioned above but found a great resource here:

    http://www.iis.net/configreference/system.webserver/security/ipsecurity/add

    The code sample on that page shows you how to perform the action using C#. Here is the snip from that site

    using System;
    using System.Text;
    using Microsoft.Web.Administration;
    
    internal static class Sample
    {
       private static void Main()
       {
          using (ServerManager serverManager = new ServerManager())
          {
             Configuration config = serverManager.GetApplicationHostConfiguration();
             ConfigurationSection ipSecuritySection = config.GetSection("system.webServer/security/ipSecurity", "Default Web Site");
             ConfigurationElementCollection ipSecurityCollection = ipSecuritySection.GetCollection();
    
             ConfigurationElement addElement = ipSecurityCollection.CreateElement("add");
             addElement["ipAddress"] = @"192.168.100.1";
             addElement["allowed"] = false;
             ipSecurityCollection.Add(addElement);
    
             ConfigurationElement addElement1 = ipSecurityCollection.CreateElement("add");
             addElement1["ipAddress"] = @"169.254.0.0";
             addElement1["subnetMask"] = @"255.255.0.0";
             addElement1["allowed"] = false;
             ipSecurityCollection.Add(addElement1);
    
             serverManager.CommitChanges();
          }
       }
    }
    

    To get the Microsoft.Web.Administration package, in visual studio goto Tools -> Nuget Package Manager -> Package Manager Console.

    Then type:

    Install-Package Microsoft.Web.Administration
    

    Another way of performing the same task is to use the command line and the appcmd command.

    The following command does the same thing:

    appcmd.exe set config "Default Web Site/SSM" -section:system.webServer/security/ipSecurity /+"[ipAddress='192.168.100.1',allowed='False']" /commit:apphost
    

    and could be called from code using:

    string website = "Default Web Site/SSM";
    string ipAddress = "192.168.100.1";
    string allowDeny = "False";
    
    string cmd = string.Format("%systemroot%\\system32\\inetsrv\\appcmd.exe set config \"{0}\" -section:system.webServer/security/ipSecurity /+\"[ipAddress='{1}',allowed='{2}']\" /commit:apphost", website, ipAddress, allowDeny);
    Process.Start(cmd);
    

    The above command works but it turns out if you call it from C# it complains saying "The system cannot find the file specified Exception". To get around that you have to supply an admin username/password.

    Here is the function:

    void BlacklistIP(string ipAddress)
    {
        string website = "Default Web Site/SSM";
        string allowDeny = "False";
        string domain = "";
    
        string args = string.Format(" set config \"{0}\" -section:system.webServer/security/ipSecurity /+\"[ipAddress='{1}',allowed='{2}']\" /commit:apphost", website, ipAddress, allowDeny);
    
        System.Security.SecureString password = new System.Security.SecureString();
        password.AppendChar('y');
        password.AppendChar('o');
        password.AppendChar('u');
        password.AppendChar('r');
        password.AppendChar('p');
        password.AppendChar('a');
        password.AppendChar('s');
        password.AppendChar('s');
        password.AppendChar('w');
        password.AppendChar('o');
        password.AppendChar('r');
        password.AppendChar('d');
    
        Process.Start(@"C:\windows\System32\inetsrv\appcmd.exe", args, "Administrator", password, domain);
    }
    

    Et Voila!

    0 讨论(0)
  • 2021-02-06 12:45

    It looks likes Rick Strahl has achieved this using the IIS API, please see link below:

    http://www.west-wind.com/WebLog/posts/59731.aspx

    Andrew

    0 讨论(0)
提交回复
热议问题