ZNetCS.AspNetCore.IPFiltering
7.0.0
dotnet add package ZNetCS.AspNetCore.IPFiltering --version 7.0.0
NuGet\Install-Package ZNetCS.AspNetCore.IPFiltering -Version 7.0.0
<PackageReference Include="ZNetCS.AspNetCore.IPFiltering" Version="7.0.0" />
paket add ZNetCS.AspNetCore.IPFiltering --version 7.0.0
#r "nuget: ZNetCS.AspNetCore.IPFiltering, 7.0.0"
// Install ZNetCS.AspNetCore.IPFiltering as a Cake Addin #addin nuget:?package=ZNetCS.AspNetCore.IPFiltering&version=7.0.0 // Install ZNetCS.AspNetCore.IPFiltering as a Cake Tool #tool nuget:?package=ZNetCS.AspNetCore.IPFiltering&version=7.0.0
ZNetCS.AspNetCore.IPFiltering
A middleware that allows whitelist or blacklist incomming requests based on IP address. It can be configured using single IP address or ranges. It supports single IP, IP range IPv4 and IPv6. There is also possible to ignore specific paths from IP filtering.
Installing
Install using the ZNetCS.AspNetCore.IPFiltering NuGet package
PM> Install-Package ZNetCS.AspNetCore.IPFiltering
Usage
When you install the package, it should be added to your .csproj. Alternatively, you can add it directly by adding:
<ItemGroup>
<PackageReference Include="ZNetCS.AspNetCore.IPFiltering" Version="6.0.1" />
</ItemGroup>
.NET 6
In order to use the IP filtering middleware, you must configure the services in the Program.cs file.
// Add services to the container.
builder.Services.AddIPFiltering(builder.Configuration.GetSection("IPFiltering"));
or
// Add services to the container.
builder.Services.AddIPFiltering(
opts =>
{
opts.DefaultBlockLevel = DefaultBlockLevel.All;
opts.HttpStatusCode = HttpStatusCode.NotFound;
opts.Blacklist = new List<string> { "192.168.0.100-192.168.1.200" };
opts.Whitelist = new List<string> { "192.168.0.10-192.168.10.20", "fe80::/10" };
opts.IgnoredPaths = new List<string> { "get:/ignoreget", "*:/ignore" };
opts.PathOptions = new List<PathOptions> { ... };
});
then
// Configure IP filtering
app.UseIPFiltering();
.NET 5 and Below
In order to use the IP filtering middleware, you must configure the services in the ConfigureServices and Configure call of Startup. Make
sure middleware is added just after logging to prevent any other middleware to run, so block is most effective:
public void ConfigureServices(IServiceCollection services)
{
services.AddIPFiltering(this.Configuration.GetSection("IPFiltering"));
}
or
public void ConfigureServices(IServiceCollection services)
{
services.AddIPFiltering(
opts =>
{
opts.DefaultBlockLevel = DefaultBlockLevel.All;
opts.HttpStatusCode = HttpStatusCode.NotFound;
opts.Blacklist = new List<string> { "192.168.0.100-192.168.1.200" };
opts.Whitelist = new List<string> { "192.168.0.10-192.168.10.20", "fe80::/10" };
opts.IgnoredPaths = new List<string> { "get:/ignoreget", "*:/ignore" };
opts.PathOptions = new List<PathOptions> { ... };
});
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
app.UseIPFiltering();
// other middleware e.g. MVC etc
}
File
Middleware can be configured in appsettings.json file. By adding following section and use following ConfigureServices method:
{
"IPFiltering": {
"DefaultBlockLevel": "All",
"HttpStatusCode": 404,
"Whitelist": [ "192.168.0.10-192.168.10.20", "fe80::/10" ],
"Blacklist": [ "192.168.0.100-192.168.1.200"],
"IgnoredPaths": [ "GET:/ignoreget", "*:/ignore" ],
"PathOptions": [
{
"Paths": [ "GET:/pathget", "*:/path" ],
"DefaultBlockLevel": "None",
"HttpStatusCode": 401,
"Whitelist": [ "192.168.0.100-192.168.1.200" ],
"Blacklist": [ "192.168.0.10-192.168.10.20", "fe80::/10" ]
},
{
"Paths": [ "GET:/path2get", "*:/path2" ],
"DefaultBlockLevel": "All",
"HttpStatusCode": 401,
"Whitelist": [ "192.168.0.10-192.168.10.20", "fe80::/10" ],
"Blacklist": [ "192.168.0.100-192.168.1.200" ]
}
]
}
}
Configuration
This middleware can be configured using following configuration options:
DefaultBlockLeveldefines default action when IP address is not listed. Can be configured toNoneorAll. Default value isAll.HttpStatusCodedefines status code that is returned to client when IP address is forbidden. Default value is404(Not Found).Whitelistdefines list of IP address ranges that are allowed for request.Blacklistdefines list of IP address ranges that are forbidden for request.IgnoredPathsdefines list of paths with HTTP Verb to be ignored from IP filtering.*means all HTTP Verbs for given path will be ignored. Format{VERB}:{PATH}(no space after:). This configuration is case insensitive.PathOptionsdefines list of paths with HTTP Verb to be processed with custom rules.*means all HTTP Verbs for given path will be ignored. Format{VERB}:{PATH}(no space after:). This configuration is case insensitive.
IP Address Ranges
Whitelist and Blacklist can be defined as single IP address or IP address range. For parsing middleware is using extenal
package: https://github.com/jsakamoto/ipaddressrange. Ranges can be defined in following formats:
192.168.0.0/255.255.255.0192.168.0.10-192.168.10.20fe80::/10
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net5.0 was computed. net5.0-windows was computed. net6.0 is compatible. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 is compatible. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
| .NET Core | netcoreapp3.1 is compatible. |
-
.NETCoreApp 3.1
- IPAddressRange (>= 4.2.0)
-
net6.0
- IPAddressRange (>= 4.2.0)
-
net7.0
- IPAddressRange (>= 4.2.0)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Fix issue for .NET 7.0.1 and 7.0.2