Restrict access to Elmah based on IP address

Question

I need to restrict access to elmah.axd. elvue.html based on certain IP addresses. The website is on IIS 6.0 and .Net 3.5. I cannot use Forms authentication or windows authentication. I am thinking of using the approach of an http module. http://www.codeproject.com/Articles/16384/Using-ASP-NET-HTTP-Modules-to-restrict-access-by-I

I cannot use the approach of restricting access in web.config since that is only for IIS 7. http://boseca.blogspot.com/2010/12/programmatically-addremove-ip-security.html

Does someone have pointers on how I can tackle this problem? Please advise.

Answer 1

I implemented this using the following code:

protected void Application_BeginRequest(Object sender, EventArgs e)
        {
            var ClientSourceIP = Context.Request.Headers["CLIENT_SRC_IP"];
            var HTTPClientSourceIP = Context.Request.Headers["HTTP_CLIENT_SRC_IP"];
            var isValidClientSourceIP = ClientSourceIP == null || 
                Regex.IsMatch(ClientSourceIP, ConfigurationManager.AppSettings["ValidClientSourceIP"]);
            var isValidHTTPClientSourceIP = HTTPClientSourceIP == null || 
                Regex.IsMatch(HTTPClientSourceIP, ConfigurationManager.AppSettings["ValidHTTPClientSourceIP"]);

            if (
                (Context.Request.Path.Contains("elmah.axd") || Context.Request.Path.Contains("elvue.aspx")) &&
                ((isValidClientSourceIP && isValidHTTPClientSourceIP) == false)
            )
            {
                this.Context.Response.StatusCode = 403;
                return;
            }
        }

Answer 2

I've done this in IIS 7 with a module : IP restrictions.

Here's a guide on how to do it in IIS 6: http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/4117d9e2-c7e0-46db-88f6-6e804b4325b0.mspx?mfr=true

Also, have you tried modifying the web.config like so: http://weblogs.asp.net/gurusarkar/archive/2008/09/29/setting-authorization-rules-for-a-particular-page-or-folder-in-web-config.aspx ?