动态封杀与解封IP
2016-04-29 17:51
225 查看
不论IIS6还是IIS7 都可以把需要封杀的IP加入封杀列表。但是需要注意的是我们代码写的是全部替换原先的数据。但是在IIS7下,执行的效果是原先的不替换,新加一批封杀 IP。当然IIS7下,如果新加的IP原来就有了,则会报如下异常:
System.Runtime.InteropServices.COMException was caught
Message="当文件已存在时,无法创建该文件。 (异常来自 HRESULT:0x800700B7)"
Source="System.DirectoryServices"
ErrorCode=-2147024713
StackTrace:
在 System.DirectoryServices.DirectoryEntry.CommitChanges()
在 IIS_Security_ConsoleApplication.Program.IPDeny() 位置 D:\MyCodes\IIS_Security_ConsoleApplication \IIS_Security_ConsoleApplication\Program.cs:行号 109
InnerException:
这就是说,IIS7, 我们可以通过编程接口增加封杀IP名单,但是没发通过编程接口剔出封杀IP。
如果谁知道怎么在iis7下面提出限制ip的请M我 571111539@qq.com,下面代码不是很完整,自行修改
System.Runtime.InteropServices.COMException was caught
Message="当文件已存在时,无法创建该文件。 (异常来自 HRESULT:0x800700B7)"
Source="System.DirectoryServices"
ErrorCode=-2147024713
StackTrace:
在 System.DirectoryServices.DirectoryEntry.CommitChanges()
在 IIS_Security_ConsoleApplication.Program.IPDeny() 位置 D:\MyCodes\IIS_Security_ConsoleApplication \IIS_Security_ConsoleApplication\Program.cs:行号 109
InnerException:
这就是说,IIS7, 我们可以通过编程接口增加封杀IP名单,但是没发通过编程接口剔出封杀IP。
如果谁知道怎么在iis7下面提出限制ip的请M我 571111539@qq.com,下面代码不是很完整,自行修改
[STAThread]
static void Main(string[] args)
{
string webName = "xiangpi";//网站名
string flag = "-a";
string denyflag = "-d";//-d黑名单 else白名单
string ipString = "192.168.0.89";//要限制的ip
string[] ipstringlist = ipString.Split(',');
int objID = GetObjID(webName);
if (objID <= 0)
return;
string objName = "IIS://localhost/W3SVC/" + objID+"/ROOT";
Console.WriteLine(objName);
try
{
DirectoryEntry root = new DirectoryEntry("IIS://localhost/W3SVC");
foreach (DirectoryEntry dir in root.Children)
{
if (dir.SchemaClassName == "IIsWebServer")
{
string ww = dir.Properties["ServerComment"].Value.ToString();
Console.WriteLine(string.Format(dir.Path+"/ROOT/{1}", dir.Name, ww));
}
}
Console.ReadLine();
DirectoryEntry IIS = new DirectoryEntry(objName);
Type typ = IIS.Properties["IPSecurity"][0].GetType();
object IPSecurity = IIS.Properties["IPSecurity"][0];
Array origIPDenyList = null;
if (denyflag.Equals("-d"))//
{
//retrieve the IPDeny list from the IPSecurity object
origIPDenyList = (Array)typ.InvokeMember("IPDeny",
BindingFlags.DeclaredOnly |
BindingFlags.Public | BindingFlags.NonPublic |
BindingFlags.Instance | BindingFlags.GetProperty,
null, IPSecurity, null);
// display what was being denied
List<string> iplist = new List<string>();
foreach (string s in origIPDenyList)
{
//iplist.Add(s);
Console.WriteLine("已有拒绝条目: " + s);
}
// check GrantByDefault. This has to be set to true,
// or what we are doing will not work.
if (flag.Equals("-a"))
{
foreach (string s in ipstringlist)
{
string ipstring = s + ", 255.255.255.255";
if (!iplist.Contains(ipstring))
iplist.Add(ipstring);
}
}
else if (flag.Equals("-g"))
{
foreach (string ip in iplist)
{
Console.WriteLine(ip);
}
}
else
{
foreach (string s in ipstringlist)
{
string ipstring = s + ", 255.255.255.255";
if (iplist.Contains(ipstring))
iplist.Remove(ipstring);
}
}
bool bGrantByDefault = (bool)typ.InvokeMember("GrantByDefault",
BindingFlags.DeclaredOnly |
BindingFlags.Public | BindingFlags.NonPublic |
BindingFlags.Instance | BindingFlags.GetProperty,
null, IPSecurity, null);
// Console.WriteLine("GrantByDefault = " + bGrantByDefault);
if (!bGrantByDefault)
{
typ.InvokeMember("GrantByDefault",
BindingFlags.DeclaredOnly |
BindingFlags.Public | BindingFlags.NonPublic |
BindingFlags.Instance | BindingFlags.SetProperty,
null, IPSecurity, new object[] { true });
}
object[] newIPDenyList = new object[iplist.Count];
int i = 0;
foreach (string s in iplist)
{
newIPDenyList[i] = s;
i++;
}
typ.InvokeMember("IPDeny",
BindingFlags.DeclaredOnly |
BindingFlags.Public | BindingFlags.NonPublic |
BindingFlags.Instance | BindingFlags.SetProperty,
null, IPSecurity, new object[] { ipString });
IIS.Properties["IPSecurity"][0] = IPSecurity;
// Console.WriteLine("Commiting the changes.");
// commit the changes
IIS.CommitChanges();
IIS.RefreshCache();
// check to see if the update took
Console.WriteLine("Checking to see if the update took.");
IPSecurity = IIS.Properties["IPSecurity"][0];
Array y = (Array)typ.InvokeMember("IPDeny",
BindingFlags.DeclaredOnly |
BindingFlags.Public | BindingFlags.NonPublic |
BindingFlags.Instance | BindingFlags.GetProperty,
null, IPSecurity, null);
// foreach (string s in y)
// / Console.WriteLine("After: " + s);
}
else
{
origIPDenyList = (Array)typ.InvokeMember("IPGrant",
BindingFlags.DeclaredOnly |
BindingFlags.Public | BindingFlags.NonPublic |
BindingFlags.Instance | BindingFlags.GetProperty,
null, IPSecurity, null);
// display what was being denied
List<string> iplist = new List<string>();
foreach (string s in origIPDenyList)
{
iplist.Add(s);
//Console.WriteLine("Before: " + s);
}
// check GrantByDefault. This has to be set to true,
// or what we are doing will not work.
if (flag.Equals("-a"))
{
foreach (string s in ipstringlist)
{
string ipstring = s + ", 255.255.255.255";
if (!iplist.Contains(ipstring))
iplist.Add(ipstring);
}
}
else if (flag.Equals("-g"))
{
foreach (string ip in iplist)
{
Console.WriteLine(ip);
}
}
else
{
foreach (string s in ipstringlist)
{
string ipstring = s + ", 255.255.255.255";
if (iplist.Contains(ipstring))
iplist.Remove(ipstring);
}
}
bool bGrantByDefault = (bool)typ.InvokeMember("GrantByDefault",
BindingFlags.DeclaredOnly |
BindingFlags.Public | BindingFlags.NonPublic |
BindingFlags.Instance | BindingFlags.GetProperty,
null, IPSecurity, null);
// Console.WriteLine("GrantByDefault = " + bGrantByDefault);
if (bGrantByDefault)
{
typ.InvokeMember("GrantByDefault",
BindingFlags.DeclaredOnly |
BindingFlags.Public | BindingFlags.NonPublic |
BindingFlags.Instance | BindingFlags.SetProperty,
null, IPSecurity, new object[] { false });
}
object[] newIPDenyList = new object[iplist.Count];
int i = 0;
foreach (string s in iplist)
{
newIPDenyList[i] = s;
i++;
}
typ.InvokeMember("IPGrant",
BindingFlags.DeclaredOnly |
BindingFlags.Public | BindingFlags.NonPublic |
BindingFlags.Instance | BindingFlags.SetProperty,
null, IPSecurity, new object[] { newIPDenyList });
IIS.Properties["IPSecurity"][0] = IPSecurity;
// Console.WriteLine("Commiting the changes.");
// commit the changes
IIS.CommitChanges();
IIS.RefreshCache();
// check to see if the update took
Console.WriteLine("Checking to see if the update took.");
IPSecurity = IIS.Properties["IPSecurity"][0];
Array y = (Array)typ.InvokeMember("IPGrant",
BindingFlags.DeclaredOnly |
BindingFlags.Public | BindingFlags.NonPublic |
BindingFlags.Instance | BindingFlags.GetProperty,
null, IPSecurity, null);
}
}
catch (Exception e)
{
Console.WriteLine("Error: " + e.ToString());
}
Console.ReadLine();
}
static int GetObjID(string strWebSite)
{
string objName = strWebSite;// args[0];
//Console.WriteLine(objName);
Regex regex = new Regex(objName);
string tmpStr;
// string entPath = "IIS://LocalHost/W3SVC/";// String.Format("IIS://{0}/w3svc", objName);
//
DirectoryEntry ent = new DirectoryEntry("IIS://Localhost/W3SVC");
foreach (DirectoryEntry child in ent.Children)
{
//Console.WriteLine(child.Name);
if (child.SchemaClassName == "IIsWebServer")
{
if (child.Properties["ServerBindings"].Value != null)
{
tmpStr = child.Properties["ServerBindings"].Value.ToString();
if (regex.Match(tmpStr).Success)
{
Console.WriteLine(child.Name);
return int.Parse(child.Name);
//return child.Name;
}
}
if (child.Properties["ServerComment"].Value != null)
{
tmpStr = child.Properties["ServerComment"].Value.ToString();
if (regex.Match(tmpStr).Success)
{
//onsole.WriteLine(child.Properties["path"].Value);
// Console.WriteLine(child.Name);
return int.Parse(child.Name);
}
}
}
}
return -1;
}
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- XStream使用详解
- 转:大数据 2016 landscape
- ajax操作提交整个表单内容
- v
- Java实现图片压缩代码,图片大小转换
- CCS3 @media实现响应式布局
- 灵感网站
- 写一个之前遇到的问题,遇到ios项目中包含idfa的解决办法
- GO语言初识与编程环境配置
- vs2015 LINK : fatal error LNK1104: cannot open file 'ucrt.lib'
- flume-ng负载均衡load-balance、failover集群搭建
- aaa
- 挂在磁盘到centos7 并设置开机启动
- Java 枚举7常见种用法
- MySQL 对比数据库表结构
- 让U盘永不中毒的解决办法
- JSF JQUERY 使用datepicker
- Android DatePickerDialog 设置选择时间的最大值
- 六、nginx搭建织梦DedeCms网站
- Guava教程-EventBus