使用IIS API禁用IP访问

这个类是基于 Microsoft.Web.Administration 写的一个简单封装:
PS: Microsoft.Web.Administration 可通过 Nuget 搜索安装。

public class IISAdministration
{
    private readonly ServerManager serverManager;
    public IISAdministration()
    {
        serverManager = new ServerManager();
    }

    public IEnumerable GetWorkerProcesses()
    {
        return serverManager.WorkerProcesses;
    }

    public IEnumerable GetSiteNames()
    {
        foreach (var item in GetWorkerProcesses())
        {
            yield return item.AppPoolName;
        }
    }

    public ConfigurationElementCollection GetIpSecurityCollection(string site)
    {
        return GetConfigurationElementCollection("system.webServer/security/ipSecurity", site);
    }

    public ConfigurationElementCollection GetConfigurationElementCollection(string sectionName, string site = "")
    {
        var config = serverManager.GetApplicationHostConfiguration();
        ConfigurationSection section;
        if (string.IsNullOrWhiteSpace(site))
        {
            section = config.GetSection(sectionName);
        }
        else
        {
            section = config.GetSection(sectionName, site);
        }
        return section.GetCollection();
    }

    public void CreateElement(ConfigurationElementCollection section, ConfigurationElement element)
    {
        section.Add(element);
        serverManager.CommitChanges();
    }

    public void RemoveElement(ConfigurationElementCollection section, ConfigurationElement element)
    {
        section.Remove(element);
        serverManager.CommitChanges();
    }

    public bool HasBlocked(string siteName, string ip)
    {
        var ipSecurityCollection = this.GetIpSecurityCollection(siteName);
        for (int i = 0; i < ipSecurityCollection.Count; i++)
        {
            var element = ipSecurityCollection[i];
            if ((string)element["ipAddress"] == ip)
            {
                return true;
            }
        }
        return false;
    }

    public void FreeIP(string siteName, string ip)
    {
        if (!HasBlocked(siteName, ip))
        {
            return;
        }
        var ipSecurityCollection = this.GetIpSecurityCollection(siteName);
        for (int i = 0; i < ipSecurityCollection.Count; i++)
        {
            var element = ipSecurityCollection[i];
            if ((string)element["ipAddress"] == ip)
            {
                this.RemoveElement(ipSecurityCollection, element);
                break;
            }
        }
    }

    public void BlockIP(string siteName, string ip)
    {
        if (HasBlocked(siteName, ip))
        {
            return;
        }
        var ipSecurityCollection = this.GetIpSecurityCollection(siteName);
        var element = ipSecurityCollection.CreateElement("add");
        element["ipAddress"] = ip;
        element["allowed"] = false;

        ipSecurityCollection.Add(element);
        serverManager.CommitChanges();
    }
}

使用方法:

var iisAdministration = new IISAdministration();
iisAdministration.BlockIP("", "192.0.0.1");

注意:

  1. BlockIP第一个参数为站点名,如果空字符串,则直接添加到 IIS 根路径下的IP屏蔽。
  2. 此方法会抛出异常,而且需要管理员权限才可执行。

你可能感兴趣的:(使用IIS API禁用IP访问)