HttpModule - HTTP BlackList

Since I appreciate what httpbl is trying to do (blackball web requests from clients known to be infected with a virus)... I wrote an ISAPI filter in .Net...
Basically, you just specify your preferred DNSBL in the web.config's AppSettings. Every incoming request is verified against the DNSBL. Any match (indicating a bad person is requesting) is kicked out.

Hindsight: I should've added support for caching the data.

Disclaimer: this was written a while ago (2007)... I do not recall how much testing I did at the time... and IIS may have changed since then.
Language:
VB.Net
Keywords:
HttpModule
Code Snippet

Namespace SBrickey

    Public Class HoneyPotValidator

        Public Structure IPv4

            Public FirstOctet As Byte

            Public SecondOctet As Byte

            Public ThirdOctet As Byte

            Public FourthOctet As Byte

            Public Const TotalOctets As Integer = 4

        End Structure

        Private Shared Function ToIPv4(ByVal inpstr As String) As IPv4

            Dim Octets() As Byte : ReDim Octets(-1)

            Dim strOctets() As String : ReDim Octets(-1)

            Try

                strOctets = Split(inpstr, ".")

                For t As Integer = strOctets.GetLowerBound(0) To strOctets.GetUpperBound(0)

                    ReDim Preserve Octets(Octets.GetUpperBound(0) + 1)

                    Octets(Octets.GetUpperBound(0)) = strOctets(t)

                Next

            Catch ex As Exception

            End Try

            Dim RetVal As IPv4

            Try

                If Octets.GetUpperBound(0) = HoneyPotValidator.IPv4.TotalOctets - 1 Then

                    RetVal = New IPv4

                    RetVal.FirstOctet = Octets(0)

                    RetVal.SecondOctet = Octets(1)

                    RetVal.ThirdOctet = Octets(2)

                    RetVal.FourthOctet = Octets(3)

                    Return RetVal

                End If

            Catch ex As Exception

            End Try

            Return RetVal

        End Function

        Private Shared Function ReverseIP(ByVal inpIP As IPv4) As IPv4

            Dim RetVal As IPv4

            If Not Object.ReferenceEquals(inpIP, Nothing) Then

                RetVal = New IPv4

                RetVal.FirstOctet = inpIP.FourthOctet

                RetVal.SecondOctet = inpIP.ThirdOctet

                RetVal.ThirdOctet = inpIP.SecondOctet

                RetVal.FourthOctet = inpIP.FirstOctet

            End If

            Return RetVal

        End Function

        ''' <summary>

        ''' Validates a requesting IP

        ''' </summary>

        ''' <param name="AccessKey">HoneyPot HTTP:BL AccessKey</param>

        ''' <param name="reqestor">IP address of the requestor</param>

        Public Shared Function ExistsInHttpBL(ByVal AccessKey As String, ByVal RequestIP As String) As Boolean

            Return HoneyPotValidator.ExistsInHttpBL(AccessKey, HoneyPotValidator.ToIPv4(RequestIP))

        End Function

        Public Shared Function ExistsInHttpBL(ByVal AccessKey As String, ByVal RequestIP As IPv4) As Boolean

            'Dim DNSCli As System.Net.Dns = New System.Net.Dns

            Dim RetVal As Boolean = False

            If Not Object.ReferenceEquals(RequestIP, Nothing) Then

                Dim ReqStr As String = String.Empty

                ReqStr &= AccessKey

                ReqStr &= "."

                ReqStr &= RequestIP.FourthOctet

                ReqStr &= "."

                ReqStr &= RequestIP.ThirdOctet

                ReqStr &= "."

                ReqStr &= RequestIP.SecondOctet

                ReqStr &= "."

                ReqStr &= RequestIP.FirstOctet

                ReqStr &= "dnsbl.httpbl.org"

                Try

                    Dim Response As System.Net.IPHostEntry = System.Net.Dns.GetHostEntry(ReqStr)

                    RetVal = Response.AddressList.Length > 0

                Catch ex As Exception

                    If TypeOf ex Is System.Net.Sockets.SocketException And ex.Message = "No such host is known" Then

                        RetVal = False

                    Else

                        'Throw ex

                    End If

                End Try

            End If

            Return RetVal

            'ReqStr = "nnhohyelmfoz.105.188.30.75.dnsbl.httpbl.org"

        End Function

    End Class

    Public Class ValidatorISAPI

        Implements System.Web.IHttpModule

        Private httpApp As System.Web.HttpApplication

        Private AccessKey As String

        Public Sub Init(ByVal context As System.Web.HttpApplication) Implements System.Web.IHttpModule.Init

            'identify any web.config properties

            'or check registry?

            'configurationmanager.appsettings

            Me.AccessKey = System.Configuration.ConfigurationManager.AppSettings("httpbl_AccessKey")

            'check for any exception ranges (10.x?)

            'or if not set, then ISAPI filter should automatically allow

            Me.httpApp = context

            AddHandler httpApp.AuthenticateRequest, AddressOf AuthenticateRequest

        End Sub

        Public Sub Dispose() Implements System.Web.IHttpModule.Dispose

        End Sub

        Public Sub AuthenticateRequest(ByVal sender As Object, ByVal e As EventArgs)

            If TypeOf sender Is System.Web.HttpApplication Then

                With CType(sender, System.Web.HttpApplication)

                    Dim ReqIP As String = .Request.UserHostAddress

                    If HoneyPotValidator.ExistsInHttpBL(Me.AccessKey, ReqIP) Then

                        .Response.Clear()

                        .Response.StatusCode = 501

                        .Response.Close()

                    End If

                End With

            End If

        End Sub

    End Class

End Namespace


Created 2012-02-05