We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

Controlling IIS IP Filtering Settings from ASP.Net

v_bharghava
v_bharghava asked
on
Medium Priority
400 Views
Last Modified: 2008-02-01
I need to block an IP / IP Range for a specific Virtual directory in IIS.
While I can do this using IIS' built-in IP filtering feature, I find that it's basically a manual option.
I fancy doing the same using ASP.Net when my web application detects more than three failed attempts from the same IP,
I would like to have my application add the IP to IIS' filter list effectively blocking the user from accessing the application.

Ideas on:

1. Detecting multiple failed login attempts from the same IP / IP range
2. Accessing IIS IP filter list to deny access to resource
3. After a timeout, I might also need to "unblock" the IP / IP range

would be a great help.  Thanks in advance
Comment
Watch Question

CERTIFIED EXPERT
Top Expert 2006

Commented:
If you are good in programming with .net  use System.Diagnostics Namespace class library which contains the Eventlog components to read the event log and log the ip which fails for three time contiuosly and block it.-

Also check this article to know abt brute force attacks
http://www.codeguru.com/csharp/.net/net_security/authentication/article.php/c7907/#more
CERTIFIED EXPERT

Commented:
CERTIFIED EXPERT
Commented:
I noticed that MSDN is probably protected to subscribers. See the following link instead:

http://www.codeproject.com/csharp/iiswmi.asp

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Commented:
"I fancy doing the same using ASP.Net when my web application detects more than three failed attempts from the same IP"

What's meaning? Do you control this through db?

Author

Commented:
TML has pointed out nicely to what I wanted to accomplish in bullet 2.
agiampy, that could be one of the approaches for accomplishing bullet 1 & 3.
Since I need to detect failed attempts from the IP, I may have to store all failed attempts somewhere.  
Eventlog approach suggested by "dnojcd" might not be appropriate here.  Database is a natural choice.  But what would the architecture of such a program would be?  Would it be a demon implemented as a Windows Service or a hread spwaned on Application_Start that iterates through the list of blocked IPs and according to the elapsed time unblocks blocked IP addresses?
CERTIFIED EXPERT

Commented:
#1, How is the login performed? Are you using forms login or integrated windows authentication ? If you're using forms you can easily write to a database in your own code.

#3 can be solved by writing a small program that checks and clears the list. Then you just schedule it to run every hour.

Commented:
Hi,
#1 You shuold use servervariables to detect what's the remote IP and verify if this IP has been failed the logon
#2 If it has been failed, you should add this to a table (BlackList) and save also date/time of failed logon
#3 When a remote user shuld be attempt to access your site, you just verify what is the IP (Request.ServerVariables("Remote_Addr")) and search it in the tabel BlackList. IF it is in table, verify the date/time, and delete the IP if "unblock" state. After this, repeat the #1.
 
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.