Can you use <ipsecurity> in web.config to block access by IP address in nop2.2?

Sure, you can

What is the recommended what to blacklist IPs in nop 2.x ?

I keep getting a 500 Error when using <ipsecurity>

Does not work for me either.  Even on localhost (IIS Express)


  <system.webServer>
    <security>
      <ipSecurity allowUnlisted="true">    <!-- this line allows everybody, except those listed below -->                
         <clear/> <!-- removes all upstream restrictions -->
         <add ipAddress="38.100.21.19"/>   <!-- block one IP  -->                
      </ipSecurity>
    </security>
      
    <modules runAllManagedModulesForAllRequests="true" />
    <validation validateIntegratedModeConfiguration="false" />
    <handlers>  
      <remove name="asset" />
      <add name="asset" preCondition="integratedMode" verb="GET,HEAD" path="asset.axd" type="Telerik.Web.Mvc.WebAssetHttpHandler, Telerik.Web.Mvc" />
    </handlers>
  </system.webServer>




HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.

Detailed Error Information:
Module     IpRestrictionModule
Notification     BeginRequest
Handler     ExtensionlessUrl-Integrated-4.0
Error Code     0x80070021
Config Error     This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Config File     \\?\C:\Users\myname\Documents\My Web Sites\myweb\web.config

Config Source:
   73:     <security>
   74:       <ipSecurity allowUnlisted="true">    <!-- this line allows everybody, except those listed below -->                
   75:          <clear/> <!-- removes all upstream restrictions -->



(From Trace file)


ModuleName IpRestrictionModule

Notification BEGIN_REQUEST

HttpStatus 500

HttpReason Internal Server Error

HttpSubStatus 19

ErrorCode  The process cannot access the file because another process has locked a portion of the file.
(0x80070021)

ConfigExceptionInfo
\\?\C:\Users\myname\Documents\My Web Sites\myweb\web.config ( 74) :This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".

Has anyone tried using  ipSecurity in NopC web.config?  Is it working for anyone?

where's the "BLACKLIST" in NOP 2.X ??

@nopC Team

Would you please add work item(s) to either implement Ip Blacklist or add some hooks so that it could be done with a plugin?

Also, same regarding IsSearchEngine().  To prevent consumption of Customer Ids due to "guest access" by pingalive.com, for now I'm hard coding, but it would be nice to have some hook for a plugin.

src\Libraries\Nop.Core\WebHelper.cs

        public virtual bool IsSearchEngine(HttpRequestBase request)
        {
           ...
                result = request.Browser.Crawler;
                if (!result)
                {
                    //put any additional known crawlers in the Regex below for some custom validation
                    //var regEx = new Regex("Twiceler|twiceler|BaiDuSpider|baduspider|Slurp|slurp|ask|Ask|Teoma|teoma|Yahoo|yahoo");
                    //result = regEx.Match(request.UserAgent).Success;
                    result = "77.73.3.96,".Contains(request.UserHostAddress); //pingalive.com
                }
            ...

New York wrote:
Sure

Wondering if Anyone else is MISSING the "Blacklist" feature. We have just launched on NOP 2.3 and Now our site gets hit ALL DAY long with traffic from China, India, etc.

Why would this feature be taken out of A Shopping Cart Solution, leaving Shopping Cart admin's like myself "Naked" with no solution to get Rid of this traffic.

If you currently have a NOP Solution running and make use of the Blacklist, I would NOT recommend upgrading to 2.X as there is NO easy to use menu on the Admin Back end to manage IP's and/or networks.