Controlling IIS IP Filtering Settings from ASP.Net

Posted on 2006-03-26
Last Modified: 2008-02-01
I need to block an IP / IP Range for a specific Virtual directory in IIS.
While I can do this using IIS' built-in IP filtering feature, I find that it's basically a manual option.
I fancy doing the same using ASP.Net when my web application detects more than three failed attempts from the same IP,
I would like to have my application add the IP to IIS' filter list effectively blocking the user from accessing the application.

Ideas on:

1. Detecting multiple failed login attempts from the same IP / IP range
2. Accessing IIS IP filter list to deny access to resource
3. After a timeout, I might also need to "unblock" the IP / IP range

would be a great help.  Thanks in advance
Question by:v_bharghava
    LVL 10

    Expert Comment

    If you are good in programming with .net  use System.Diagnostics Namespace class library which contains the Eventlog components to read the event log and log the ip which fails for three time contiuosly and block it.-

    Also check this article to know abt brute force attacks
    LVL 12

    Expert Comment

    LVL 12

    Accepted Solution

    I noticed that MSDN is probably protected to subscribers. See the following link instead:

    Expert Comment

    "I fancy doing the same using ASP.Net when my web application detects more than three failed attempts from the same IP"

    What's meaning? Do you control this through db?
    LVL 2

    Author Comment

    TML has pointed out nicely to what I wanted to accomplish in bullet 2.
    agiampy, that could be one of the approaches for accomplishing bullet 1 & 3.
    Since I need to detect failed attempts from the IP, I may have to store all failed attempts somewhere.  
    Eventlog approach suggested by "dnojcd" might not be appropriate here.  Database is a natural choice.  But what would the architecture of such a program would be?  Would it be a demon implemented as a Windows Service or a hread spwaned on Application_Start that iterates through the list of blocked IPs and according to the elapsed time unblocks blocked IP addresses?
    LVL 12

    Expert Comment

    #1, How is the login performed? Are you using forms login or integrated windows authentication ? If you're using forms you can easily write to a database in your own code.

    #3 can be solved by writing a small program that checks and clears the list. Then you just schedule it to run every hour.

    Expert Comment

    #1 You shuold use servervariables to detect what's the remote IP and verify if this IP has been failed the logon
    #2 If it has been failed, you should add this to a table (BlackList) and save also date/time of failed logon
    #3 When a remote user shuld be attempt to access your site, you just verify what is the IP (Request.ServerVariables("Remote_Addr")) and search it in the tabel BlackList. IF it is in table, verify the date/time, and delete the IP if "unblock" state. After this, repeat the #1.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Suggested Solutions

    When pages do not download correctly, and you don't know why, the first thing you do is to look at the HTML source code of that page, but not all the downloaded files appear always clearly. If your source includes a javascript that computes the name…
    Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
    Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
    The viewer will learn how to dynamically set the form action using jQuery.

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now