Welcome!

Please use the form below to send us your comments, questions, and requests:
Your Name mailbox illustration - contact us concept
Your E-mail
Your comments, questions
 
Our Phone 510-794-7168
 

We work with our clients to answer today's most pressing business questions:

 
 

Restricting access to an application by an IP address, an IP address range, or an entire country.

There are many ways to block IP addresses on Windows Server including using IIS, and ASP.NET. The choice depends on your needs. You might want to block certain visitors if they only leave spam comments, or if their activities make it obvious that they are not really legitimate site users.

We are collecting general visitors' information such as UserHostAddress, UrlReferrer, Browser Type, etc. We use Application_BeginRequest event logic in global.asax.

It was natural for us to manage access to the site by extending the stored procedure that is recording this information by adding the "access" code to the information that we save.

At the same time we check the "AcessToSite" table where information about restricted addresses is kept. If there is a match with a “bad IPaddress” we sometimes use the Response.End() function to terminate the request.

Each record in the AcessToSite table can contain information about a block of addresses, so our table has a field for startIPAddress, endIPAddress, and accessflag.

The structure of the "AcessToSite" table:
startIPAddress - numeric(18, 0)
endIPAddress - numeric(18, 0)
accessFlag - tinyint
startIPAddress - endIPAddress - is the range of addresses to be restricted.

Application_BeginRequest logic:

   protected void Application_BeginRequest(Object sender, EventArgs e)
    {
        string s = Request.AppRelativeCurrentExecutionFilePath.ToLower();
        int accessflag = 0;
        if (s.EndsWith(".aspx") || s.EndsWith(".htm"))
        {
            string userHostAddress = Request.UserHostAddress;
            long ipAddress = CalculateIPAddress(userHostAddress);
            
            /*
            other parameters such as:
            string url = (Request.Url == null) ?
                string.Empty : Request.Path.ToString();
            string UrlReferrer = (Request.UrlReferrer == null) ?
                string.Empty : Request.UrlReferrer.ToString();
            Call to the database procedure (you need to put your own)
                that will record the information and return the accessflag
                for the ipAddress you calculated.
             */
             
        }
        if (accessflag == 2)
        {
            Response.End();
        }
    }

CalculateIPAddress procedure

   private static long CalculateIPAddress(string userHostAddress)
    {
        Int64 res = 0;
        try
        {
            string[] parts;
            parts = userHostAddress.Split('.');
            int part0, part1, part2, part3;
            part0 = Convert.ToInt32(parts[0]);
            part1 = Convert.ToInt32(parts[1]);
            part2 = Convert.ToInt32(parts[2]);
            part3 = Convert.ToInt32(parts[3]);
            res = (part0 * 256);
            res = res * 65536 + (part1 * 65536) + (part2 * 256) + part3;
        }
        catch
        {
        }
        return res;
    }

Some examples follow:

A single address such as 142.4.222.221 will calculate to the result 2382683869 which will be used as both the startIPAddress and endIPAddress.

A range of addresses such as 182.118.21.0 - 182.118.21.255 will calculate to the result range of 3061191936 – 3061192191, and be recorded as 3061191936 for startIPAddress and 3061192191 for endIPAddress. IP addresses in this range can be denied.

It is a somewhat radical step to restrict an entire country, but if it is nessassary

Countries have ranges of IP addresses assigned and these assignments are available in a GeoLite database published by MaxMind: http://www.maxmind.com. When you have the address range for the country you can block using the code above.

Download a GeoLite database - it is free.
Dont' forget to include a statement:
This product includes GeoLite data created by MaxMind http://www.maxmind.com

Instructions:
Download the GeoLite database - it is free provided attribution is given.
Dont' forget to include a statement:
"This product includes GeoLite data created by MaxMind http://www.maxmind.com"

This DataBase has the structure: startIPAddress, endIPAddress, countrycode, countryname.

 
 
Your bridge to e-World
Visualization+Advanced Technology
"Form follows function — that has been misunderstood.
Form and function should be one,
joined in a spiritual union."
Frank Lloyd Wright
Call us 510-794-7168
Our creative credo
If you are not a part of the solution, you are a part of the problem.

2005-2016, FeaturePics and FeatureImage, Fremont, California.
All rights reserved.
bottom background Valid XHTML 1.0 Transitional