3

i defined some rules and it includes ip adresses like this.

ip adress : 192.168.2.10 , block:true |
ip adress : 192.168.3.x , block:true |
ip adress : 10.x.x.x , block:false

x means "all". I get user ip on page_load and I want to compare it to my rules. How do I compare user ip and rules in ip list?

For example if ip starts "10" not block it...also if ip ends "10" block it like that...

(also, sorry about my English)

AlG
  • 14,697
  • 4
  • 41
  • 54
Mennan
  • 4,451
  • 13
  • 54
  • 86
  • Yikes... there are options available for you already. [Here's](http://www.hanselman.com/blog/AnIPAddressBlockingHttpModuleForASPNETIn9Minutes.aspx) one. If you insist on doing it yourself, you may want to learn a bit about IP address standards. They could make your job much simpler (first think that comes to mind is CIDR notation). – M.Babcock Mar 12 '12 at 15:35
  • @M.Babcock: I think that example you linked is just using individual IP addresses rather than blocks so will be unwieldy if you want to block 192.168.0.0/16 or something... – Chris Mar 12 '12 at 15:50
  • Although its not quite a duplicate http://stackoverflow.com/questions/1499269/how-to-check-if-an-ip-address-is-within-a-particular-subnet should give you enough information to do what you want... The main difference is just in learning the different notation they use. – Chris Mar 12 '12 at 15:51
  • @Chris - You're right, but that would still be better than making up a new way to represent an IP mask. – M.Babcock Mar 12 '12 at 15:52
  • i m sorry for duplicate post and thx for ur comments – Mennan Mar 12 '12 at 15:56
  • If the question is purely about checking if an IP is within a range, [this](http://stackoverflow.com/questions/9622967/how-to-see-if-an-ip-address-belongs-inside-of-a-range-of-ips-using-cidr-notation) question may be of assistance as well. – M.Babcock Mar 12 '12 at 15:57
  • Oh, I see what you mean. I hadn't really thought that `10.x.x.x` was actually how it would be recorded in code but yes, learning how IP masks work and are written as standard would be useful in the extreme. ;-) – Chris Mar 12 '12 at 15:57
  • @M.Babcock: that question is a much better match than the one I linked. And your advertising of it gained you a +1 for the good answer there. ;-) – Chris Mar 12 '12 at 16:02

1 Answers1

1

Here's one way you can accomplish what you seem to be describing:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Text.RegularExpressions;

namespace WebApplication1
{
    public partial class _Default : System.Web.UI.Page
    {
        private Dictionary<string, bool> rules = null;
        public Dictionary<string, bool> Rules
        {
            get
            {
                if (rules == null)
                {
                    // 1. use [0-9]{1,3} instead of x to represent any 1-3 digit numeric value
                    // 2. escape dots like such \. 
                    rules = new Dictionary<string, bool>();
                    rules.Add(@"192\.168\.2\.10", true);
                    rules.Add(@"192\.168\.3\.[0-9]{1,3}", true);
                    rules.Add(@"10\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}", false);
                }
                return rules;
            }
        }

        protected bool IsAuthorizedByIP()
        {
            bool isAuthorized = false;

            // get current IP
            string currentIP = Request.ServerVariables["REMOTE_ADDR"];
            currentIP = "10.168.2.10";

            // set Authorization flag by evaluating rules
            foreach (var rule in Rules)
            {
                if (Regex.IsMatch(currentIP, rule.Key))
                    isAuthorized = rule.Value;
            }

            return isAuthorized;
        }

        protected void Page_Load(object sender, EventArgs e)
        {
            if (IsAuthorizedByIP())
            {
                // do something that applies to authorized IPs
                Response.Write("You are authorized!");
            }
        }
    }
}

NOTE: The code above will set the Authorization flag to the last rule in the list that it matched. If multiple rules match, only the last match will be kept and previous ones are ignored. Keep this in mind when defining the rules and think about the order of your rules in the dictionary.

Also you can definitely move the Rule regular expression strings out into a config file if you want and read them in from there. I'll leave that part to you.

Dmitry Samuylov
  • 1,554
  • 2
  • 14
  • 37