Blacklist I.P Address feature

when we add any I.P address in manage blacklist, it restricts that i.p address to view anything related the website and promps an error "Acess Denied - you don't have permission to view this directory"

But this error is the same error when we try to access some parts of the website that are not allowed to be shared or view.

Is it possible that if we block/blacklist any I.P address and if someone tries to visit the website from that blacklisted I.P address and that person get "StoreClosed.html" page instead of getting "Access Denied" message ?

Look at Libraries\Nop.HttpModules.BlacklistModule\BlacklistHttpModule.cs file. All you need to do is to replace application.Server.Transfer("~/BannedAddress.htm"); with application.Server.Transfer("~/StoreClosed.html");

nopCommerce team | a.m. wrote:

ok Andrei , the problem is i am not even getting BannedAddress.htm page.

I tried blocking my I.P address which is something like in this format "91.53.31.181".

So i went to admin section > Configuration > Blacklist and i added my I.P address as "Banned I.P"

now when i try to access the website i don't get BannedAddress.htm page instead of that i get Erro 403 Access is Denied message.

Here's the screenshot:
http://img264.imageshack.us/img264/1559/bannedip.jpg

Open Libraries\Nop.HttpModules.BlacklistModule\BlacklistHttpModule.cs file. And remove the following line

application.Response.StatusCode = 403;

Thank You Andrei

nopCommerce team | a.m. wrote:

ok Andrei i think it's a bug.

it worked but after testing it in many browsers i realized that it doesn't work in latest version of mozilla (v 3.6.8) and chrome (7.0.517.41), Netscape (v 9.006) and flock browser (v2.6.1).

If i block an I.P address and try to visit the website from that blocked I.P Address in the above mentioned browsers instead of getting blockaddress.htm i get the code of the html page like this:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
    <title>You're banned :(</title>
</head>
<body>
<h1>Ooops, it seems you're IP address or network was banned from this website!</h1>
<p>You or someone else used your IP and we have banned it :(</p>
</body>
</html>

I also noticed that when a banned I.P address is trying to visit the website, the code is redirecting the user to the banneraddress.htm but if you notice the address bar the link of the website remains same i.e www.website.com/default.aspx and it doesn't change to www.website.com/bannedaddress.htm.

Then i tried to visit the direct link "www.website.com/bannedaddress.htm" and it works fine in all the browsers even in browsers that i mentioned above.

So i think it is not a design bug, it's something to do with redirecting method, the banneraddress.htm is getting rendered by the code in such a way that is it not getting displayed properly. The reason i am saying this is because if it would have been a design bug then even visiting a direct link "www.website.com/bannedaddress.htm" will not display the page properly.

Andrei after testing if you think it's a bug and if you decide to fix it in the next version, could you please provide me the temporary fix for now so that i don't have to wait for 1.9version ?

abcd_12345 wrote:
But it's the content of BannedAddress.htm where you were redirected

abcd_12345 wrote:
1. Open \Libraries\Nop.HttpModules.BlacklistModule\BlacklistHttpModule.cs
2. Replace

application.Response.StatusCode = 403;
application.Server.Transfer("~/BannedAddress.htm");
application.Response.StatusDescription = "Access is denied";
application.Response.End();

with

application.Context.Response.Redirect("~/BannedAddress.htm");

Fixed !!! Now it's working perfectly fine. Thank You Andrei, i really appreciate your help...

I have added my IP address banner IP list, but still my site is opening

The Blacklist feature has never worked for me either.  For some time, I have been adding IPs when I see suspicious website activity, and the user is able to come right back to the site.  I have even found myself inadvertently trying to blacklist IP addresses that I had already blacklisted because the user is still allowed in.  I tried to block my own IP address as the ultimate test and that didn't work either.  I tried using an .htaccess file to deny IPs, but that didn't work, (maybe because I'm not sure of exactly where to save the file).  I tried contacting my host, but they said that, In ASP hosting, there is no way to block IP's on my end, but that I would have to send emails to the host, whenever I needed an IP blocked.

Does anyone know if this is correct, or if I am missing something.  The other forum posts, seem to imply that NopCommerce users are having success with the blacklist feature...what am I doing wrong?