通过禁止的IP地址,阻止访问网站 [英] Blocking access to site by banned IP addresses
问题描述
我有不断攻击我的网站之一机器人/黑客的IP地址的列表。我想阻止这些游客通过IP和我试图找出这个最佳的做法。我的网站使用C#ASP.NET MVC。
I have a list of IP addresses of bots/hackers that are constantly attacking one of my sites. I want to block these visitors by IP and am trying to work out a "best" approach for this. My site uses C# ASP.NET MVC.
我有一个列表与LT; INT方式> IP年代
在哪里是把支票code的最佳地点?我想用一个母版页的Page_Load事件,但也可以把它放在一个过滤器,每个控制器...
Where is the best place to put the check code? I'm thinking of using the Page_Load event of a master page but could also put it in a filter to each controller...
你返回到禁止的IP HTML是什么?我不愿意返回网站阻止,因为你的IP是被禁止的,因为这会给黑客的信息,他们需要解决块。这样做的好处是,它会给谁已经在交火中被抓,为什么他们不能访问该网站的原因无辜的用户。我现在的感觉是,我应该网站正在维护的通知返回。
What HTML do you return to the banned IP? I am reluctant to return a "site blocked because your IP is banned" because this will give the hackers the information they need to work around the block. The advantage of doing this is that it will give the innocent users who have been caught in the crossfire the reason why they can't access the site. My current feeling is that I should return a "Site under maintenance" notice.
什么HTTP状态code,我应该网站正在维护通知用假回来吗?我想200。
What HTTP status code should I return with a fake "Site under maintenance" notice? I'm thinking 200.
厂址Server 2003上运行。
Site is running on Server 2003.
推荐答案
虽然可以阻止您向外的服务器上的IP地址(你的Web服务器很明显,但你可能有其他人)这个名单将需要在所有被复制。通过阻止在服务器上你不仅过于复杂的解决方案,而且还提供了这是不是完全安全的方法。
While you could block the IP addresses on your outward facing servers (your web servers obviously but you may have others) this list will need to be replicated across all. By blocking on a server you're not only overcomplicating the solution but also providing a method which is not wholly secure.
适当的点阻止网络流量,无论是端口或IP地址的选择列表,是远在网络上,你可以得到。这通常是在您的切入点防火墙/路由器。这些网络设备被用于这个目的的优化,以及远不止于此。根据您的网络设备制造商提供的功能集将有很大的不同。
The proper point to block network traffic, whether it be a select list of ports or IP addresses, is as far out on your network as you can get. This is typically a firewall/router at your entry point. These networking devices are optimized for this very purpose, as well as far beyond that. Depending on the manufacturer of your networking equipment the feature set will widely vary.
我建议你:
- 确定所有路由器/在防火墙
最外层的边界。有可能的
你只有一个,除非你是负荷
平衡。 - 了解如何配置ACL
(访问控制列表),用于那些
设备。 - 修改根据您的IP访问控制列表
地址列表来阻止。 - 始终保存您的网络备份
设备配置在其他地方。
Obviuosly这是安全的只是冰山的一角。也许,在某些时候,你需要与DOS(拒绝服务攻击),然后一些抗衡 - 哦乐趣
Obviuosly this is just the tip of the iceberg in security. Perhaps at some point you'll need to contend with DOS (Denial of Service attacks) and then some - oh the fun.
祝你好运。
这篇关于通过禁止的IP地址,阻止访问网站的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
