问题
I'm creating a forums based site and want to block the members that post spam or abuse. I was thinking about using an HTTPModule to do this but I came across the Dynamic IP Restrictions extension to IIS7. I wonder if it's possible to add IPs dynamically from my app to the extension?
Also, if you have experience with that extension this will be great. I'm esp. interested to know whether it can affect performance in a high traffic website.
Thanks
回答1:
I was also interested in this.
At first I was using the UI in IIS7 to blacklist IP addresses.
I did take a look at the Rick Strahl link mentioned above but found a great resource here:
http://www.iis.net/configreference/system.webserver/security/ipsecurity/add
The code sample on that page shows you how to perform the action using C#. Here is the snip from that site
using System;
using System.Text;
using Microsoft.Web.Administration;
internal static class Sample
{
private static void Main()
{
using (ServerManager serverManager = new ServerManager())
{
Configuration config = serverManager.GetApplicationHostConfiguration();
ConfigurationSection ipSecuritySection = config.GetSection("system.webServer/security/ipSecurity", "Default Web Site");
ConfigurationElementCollection ipSecurityCollection = ipSecuritySection.GetCollection();
ConfigurationElement addElement = ipSecurityCollection.CreateElement("add");
addElement["ipAddress"] = @"192.168.100.1";
addElement["allowed"] = false;
ipSecurityCollection.Add(addElement);
ConfigurationElement addElement1 = ipSecurityCollection.CreateElement("add");
addElement1["ipAddress"] = @"169.254.0.0";
addElement1["subnetMask"] = @"255.255.0.0";
addElement1["allowed"] = false;
ipSecurityCollection.Add(addElement1);
serverManager.CommitChanges();
}
}
}
To get the Microsoft.Web.Administration package, in visual studio goto Tools -> Nuget Package Manager -> Package Manager Console.
Then type:
Install-Package Microsoft.Web.Administration
Another way of performing the same task is to use the command line and the appcmd command.
The following command does the same thing:
appcmd.exe set config "Default Web Site/SSM" -section:system.webServer/security/ipSecurity /+"[ipAddress='192.168.100.1',allowed='False']" /commit:apphost
and could be called from code using:
string website = "Default Web Site/SSM";
string ipAddress = "192.168.100.1";
string allowDeny = "False";
string cmd = string.Format("%systemroot%\\system32\\inetsrv\\appcmd.exe set config \"{0}\" -section:system.webServer/security/ipSecurity /+\"[ipAddress='{1}',allowed='{2}']\" /commit:apphost", website, ipAddress, allowDeny);
Process.Start(cmd);
The above command works but it turns out if you call it from C# it complains saying "The system cannot find the file specified Exception". To get around that you have to supply an admin username/password.
Here is the function:
void BlacklistIP(string ipAddress)
{
string website = "Default Web Site/SSM";
string allowDeny = "False";
string domain = "";
string args = string.Format(" set config \"{0}\" -section:system.webServer/security/ipSecurity /+\"[ipAddress='{1}',allowed='{2}']\" /commit:apphost", website, ipAddress, allowDeny);
System.Security.SecureString password = new System.Security.SecureString();
password.AppendChar('y');
password.AppendChar('o');
password.AppendChar('u');
password.AppendChar('r');
password.AppendChar('p');
password.AppendChar('a');
password.AppendChar('s');
password.AppendChar('s');
password.AppendChar('w');
password.AppendChar('o');
password.AppendChar('r');
password.AppendChar('d');
Process.Start(@"C:\windows\System32\inetsrv\appcmd.exe", args, "Administrator", password, domain);
}
Et Voila!
回答2:
It looks likes Rick Strahl has achieved this using the IIS API, please see link below:
http://www.west-wind.com/WebLog/posts/59731.aspx
Andrew
来源:https://stackoverflow.com/questions/589851/can-i-programmatically-add-an-ip-address-to-dynamic-ip-restrictions-extension-in