Keyvan Nayyeri

Those who have been following this blog for a longer time or at least more than a year may remember a free ASP.NET HttpModule that I had written and called it ClientBlocker. The last stable version of ClientBlocker was version 1.5 for ASP.NET 2.0. This is a HttpModule that blocks clients from accessing an ASP.NET site based on their IP address and  the black list that webmaster defines for the module.

I've been silent about this module until yesterday when I decided to revisit some of the old ideas that I had to make them open source and improve their code for newer technologies.

ClientBlocker was one of those projects and the first project in the queue. I created a new CodePlex project and moved my code to its repository. One of the initial changes was to put a space in the name to make it Client Blocker (it's beautiful!) and I chose Apache 2.0 license for the project.

After that I began my work on the code to improve it. I made a few major changes in a day to release version 2.0. One change is the addition of a provider model to the project to let you write your own data provider for storage. XML data provider is still the default provider. The other change was dropping the web-service from the module because I found it inappropriate for this module so Client Blocker no longer checks the country for visitors against a web-service. The third change was simplifying the configuration to configuring the data provider and HttpModule and the last addition was XML code comments that now help you understand the code easier.

Moreover, I made some tweaks into the code to improve it and make it better. Now Client Blocker looks more professional and simpler. You may say there are many free and open source modules that do this but I have to answer you that this HttpModule was one of the first open source and free modules for this purpose that I wrote. I can remember the days when such modules were commercial products or commercial features of some products like Community Server.

Download

After moving the project to CodePlex and updating its code, I also upgraded its solution to Visual Studio 2008 and .NET Framework 3.5 but provided a .NET 2.0 assembly for those who want to apply it for ASP.NET 2.0 sites.

So you can download binary and source packages (for .NET 2.0 and 3.5) from here.

How to Use

After downloading the appropriate package for your web application, you need to deploy the assembly to bin folder on your server then configure the HttpModule. If you're going to use the default XML data provider then you also need to deploy an XML file containing the black list data on your server.

There is a sample ASP.NET 3.5 web application that I've added to the solution and is available in the source code package and I think it includes everything necessary for you to get started with the module.

To configure your site for the default XML data provider you need an XML file that contains a list of trusted or blocked IP addresses or IP ranges. I think the following sample XML file guides you to write your own file easily.

To configure your HttpModule in Web.Config file you need to follow three steps:

• Add the appropriate configuration section for the data provider.
• Add the data provider configuration.
• Add the configuration for HttpModule.

You can define a <ClientBlockerProvider /> element in your <configSections /> element within <configuration /> like what you see here:

After this, you can configure your data provider. The default provider is XML and it just requires a filePath attribute that points to the virtual path of the XML black list file.

And the last step is to add the HttpModule, itself, to the Web.Config file. This is similar to adding any other HttpModule as you see below:

At the end I would point that this module blocks incoming visits from blocked IPs or IP ranges with a 200 server status code.