动态封杀与解封IP
不论IIS6还是IIS7 都可以把需要封杀的IP加入封杀列表。但是需要注意的是我们代码写的是全部替换原先的数据。但是在IIS7下,执行的效果是原先的不替换,新加一批封杀 IP。当然IIS7下,如果新加的IP原来就有了,则会报如下异常:
System.Runtime.InteropServices.COMException was caught
Message="当文件已存在时,无法创建该文件。 (异常来自 HRESULT:0x800700B7)"
Source="System.DirectoryServices"
ErrorCode=-2147024713
StackTrace:
在 System.DirectoryServices.DirectoryEntry.CommitChanges()
在 IIS_Security_ConsoleApplication.Program.IPDeny() 位置 D:\MyCodes\IIS_Security_ConsoleApplication \IIS_Security_ConsoleApplication\Program.cs:行号 109
InnerException:
这就是说,IIS7, 我们可以通过编程接口增加封杀IP名单,但是没发通过编程接口剔出封杀IP。
如果谁知道怎么在iis7下面提出限制ip的请M我 571111539@qq.com,下面代码不是很完整,自行修改
[STAThread] static void Main(string[] args) { string webName = "xiangpi";//网站名 string flag = "-a"; string denyflag = "-d";//-d黑名单 else白名单 string ipString = "192.168.0.89";//要限制的ip string[] ipstringlist = ipString.Split(','); int objID = GetObjID(webName); if (objID <= 0) return; string objName = "IIS://localhost/W3SVC/" + objID+"/ROOT"; Console.WriteLine(objName); try { DirectoryEntry root = new DirectoryEntry("IIS://localhost/W3SVC"); foreach (DirectoryEntry dir in root.Children) { if (dir.SchemaClassName == "IIsWebServer") { string ww = dir.Properties["ServerComment"].Value.ToString(); Console.WriteLine(string.Format(dir.Path+"/ROOT/{1}", dir.Name, ww)); } } Console.ReadLine(); DirectoryEntry IIS = new DirectoryEntry(objName); Type typ = IIS.Properties["IPSecurity"][0].GetType(); object IPSecurity = IIS.Properties["IPSecurity"][0]; Array origIPDenyList = null; if (denyflag.Equals("-d"))// { //retrieve the IPDeny list from the IPSecurity object origIPDenyList = (Array)typ.InvokeMember("IPDeny", BindingFlags.DeclaredOnly | BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.GetProperty, null, IPSecurity, null); // display what was being denied List<string> iplist = new List<string>(); foreach (string s in origIPDenyList) { //iplist.Add(s); Console.WriteLine("已有拒绝条目: " + s); } // check GrantByDefault. This has to be set to true, // or what we are doing will not work. if (flag.Equals("-a")) { foreach (string s in ipstringlist) { string ipstring = s + ", 255.255.255.255"; if (!iplist.Contains(ipstring)) iplist.Add(ipstring); } } else if (flag.Equals("-g")) { foreach (string ip in iplist) { Console.WriteLine(ip); } } else { foreach (string s in ipstringlist) { string ipstring = s + ", 255.255.255.255"; if (iplist.Contains(ipstring)) iplist.Remove(ipstring); } } bool bGrantByDefault = (bool)typ.InvokeMember("GrantByDefault", BindingFlags.DeclaredOnly | BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.GetProperty, null, IPSecurity, null); // Console.WriteLine("GrantByDefault = " + bGrantByDefault); if (!bGrantByDefault) { typ.InvokeMember("GrantByDefault", BindingFlags.DeclaredOnly | BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.SetProperty, null, IPSecurity, new object[] { true }); } object[] newIPDenyList = new object[iplist.Count]; int i = 0; foreach (string s in iplist) { newIPDenyList[i] = s; i++; } typ.InvokeMember("IPDeny", BindingFlags.DeclaredOnly | BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.SetProperty, null, IPSecurity, new object[] { ipString }); IIS.Properties["IPSecurity"][0] = IPSecurity; // Console.WriteLine("Commiting the changes."); // commit the changes IIS.CommitChanges(); IIS.RefreshCache(); // check to see if the update took Console.WriteLine("Checking to see if the update took."); IPSecurity = IIS.Properties["IPSecurity"][0]; Array y = (Array)typ.InvokeMember("IPDeny", BindingFlags.DeclaredOnly | BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.GetProperty, null, IPSecurity, null); // foreach (string s in y) // / Console.WriteLine("After: " + s); } else { origIPDenyList = (Array)typ.InvokeMember("IPGrant", BindingFlags.DeclaredOnly | BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.GetProperty, null, IPSecurity, null); // display what was being denied List<string> iplist = new List<string>(); foreach (string s in origIPDenyList) { iplist.Add(s); //Console.WriteLine("Before: " + s); } // check GrantByDefault. This has to be set to true, // or what we are doing will not work. if (flag.Equals("-a")) { foreach (string s in ipstringlist) { string ipstring = s + ", 255.255.255.255"; if (!iplist.Contains(ipstring)) iplist.Add(ipstring); } } else if (flag.Equals("-g")) { foreach (string ip in iplist) { Console.WriteLine(ip); } } else { foreach (string s in ipstringlist) { string ipstring = s + ", 255.255.255.255"; if (iplist.Contains(ipstring)) iplist.Remove(ipstring); } } bool bGrantByDefault = (bool)typ.InvokeMember("GrantByDefault", BindingFlags.DeclaredOnly | BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.GetProperty, null, IPSecurity, null); // Console.WriteLine("GrantByDefault = " + bGrantByDefault); if (bGrantByDefault) { typ.InvokeMember("GrantByDefault", BindingFlags.DeclaredOnly | BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.SetProperty, null, IPSecurity, new object[] { false }); } object[] newIPDenyList = new object[iplist.Count]; int i = 0; foreach (string s in iplist) { newIPDenyList[i] = s; i++; } typ.InvokeMember("IPGrant", BindingFlags.DeclaredOnly | BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.SetProperty, null, IPSecurity, new object[] { newIPDenyList }); IIS.Properties["IPSecurity"][0] = IPSecurity; // Console.WriteLine("Commiting the changes."); // commit the changes IIS.CommitChanges(); IIS.RefreshCache(); // check to see if the update took Console.WriteLine("Checking to see if the update took."); IPSecurity = IIS.Properties["IPSecurity"][0]; Array y = (Array)typ.InvokeMember("IPGrant", BindingFlags.DeclaredOnly | BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Instance | BindingFlags.GetProperty, null, IPSecurity, null); } } catch (Exception e) { Console.WriteLine("Error: " + e.ToString()); } Console.ReadLine(); } static int GetObjID(string strWebSite) { string objName = strWebSite;// args[0]; //Console.WriteLine(objName); Regex regex = new Regex(objName); string tmpStr; // string entPath = "IIS://LocalHost/W3SVC/";// String.Format("IIS://{0}/w3svc", objName); // DirectoryEntry ent = new DirectoryEntry("IIS://Localhost/W3SVC"); foreach (DirectoryEntry child in ent.Children) { //Console.WriteLine(child.Name); if (child.SchemaClassName == "IIsWebServer") { if (child.Properties["ServerBindings"].Value != null) { tmpStr = child.Properties["ServerBindings"].Value.ToString(); if (regex.Match(tmpStr).Success) { Console.WriteLine(child.Name); return int.Parse(child.Name); //return child.Name; } } if (child.Properties["ServerComment"].Value != null) { tmpStr = child.Properties["ServerComment"].Value.ToString(); if (regex.Match(tmpStr).Success) { //onsole.WriteLine(child.Properties["path"].Value); // Console.WriteLine(child.Name); return int.Parse(child.Name); } } } } return -1; }
