IP Restriction in 2.2
- 1
- 2
MVP
- 11337
- 101097
- 5/22/2011
- United States
Does not work for me either. Even on localhost (IIS Express)
<system.webServer>
<security>
<ipSecurity allowUnlisted="true"> <!-- this line allows everybody, except those listed below -->
<clear/> <!-- removes all upstream restrictions -->
<add ipAddress="38.100.21.19"/> <!-- block one IP -->
</ipSecurity>
</security>
<modules runAllManagedModulesForAllRequests="true" />
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<remove name="asset" />
<add name="asset" preCondition="integratedMode" verb="GET,HEAD" path="asset.axd" type="Telerik.Web.Mvc.WebAssetHttpHandler, Telerik.Web.Mvc" />
</handlers>
</system.webServer>
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Detailed Error Information:
Module IpRestrictionModule
Notification BeginRequest
Handler ExtensionlessUrl-Integrated-4.0
Error Code 0x80070021
Config Error This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Config File \\?\C:\Users\myname\Documents\My Web Sites\myweb\web.config
Config Source:
73: <security>
74: <ipSecurity allowUnlisted="true"> <!-- this line allows everybody, except those listed below -->
75: <clear/> <!-- removes all upstream restrictions -->
(From Trace file)
ModuleName IpRestrictionModule
Notification BEGIN_REQUEST
HttpStatus 500
HttpReason Internal Server Error
HttpSubStatus 19
ErrorCode The process cannot access the file because another process has locked a portion of the file.
(0x80070021)
ConfigExceptionInfo
\\?\C:\Users\myname\Documents\My Web Sites\myweb\web.config ( 74) :This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
<system.webServer>
<security>
<ipSecurity allowUnlisted="true"> <!-- this line allows everybody, except those listed below -->
<clear/> <!-- removes all upstream restrictions -->
<add ipAddress="38.100.21.19"/> <!-- block one IP -->
</ipSecurity>
</security>
<modules runAllManagedModulesForAllRequests="true" />
<validation validateIntegratedModeConfiguration="false" />
<handlers>
<remove name="asset" />
<add name="asset" preCondition="integratedMode" verb="GET,HEAD" path="asset.axd" type="Telerik.Web.Mvc.WebAssetHttpHandler, Telerik.Web.Mvc" />
</handlers>
</system.webServer>
HTTP Error 500.19 - Internal Server Error
The requested page cannot be accessed because the related configuration data for the page is invalid.
Detailed Error Information:
Module IpRestrictionModule
Notification BeginRequest
Handler ExtensionlessUrl-Integrated-4.0
Error Code 0x80070021
Config Error This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
Config File \\?\C:\Users\myname\Documents\My Web Sites\myweb\web.config
Config Source:
73: <security>
74: <ipSecurity allowUnlisted="true"> <!-- this line allows everybody, except those listed below -->
75: <clear/> <!-- removes all upstream restrictions -->
(From Trace file)
ModuleName IpRestrictionModule
Notification BEGIN_REQUEST
HttpStatus 500
HttpReason Internal Server Error
HttpSubStatus 19
ErrorCode The process cannot access the file because another process has locked a portion of the file.
(0x80070021)
ConfigExceptionInfo
\\?\C:\Users\myname\Documents\My Web Sites\myweb\web.config ( 74) :This configuration section cannot be used at this path. This happens when the section is locked at a parent level. Locking is either by default (overrideModeDefault="Deny"), or set explicitly by a location tag with overrideMode="Deny" or the legacy allowOverride="false".
MVP
- 11337
- 101097
- 5/22/2011
- United States
@nopC Team
Would you please add work item(s) to either implement Ip Blacklist or add some hooks so that it could be done with a plugin?
Also, same regarding IsSearchEngine(). To prevent consumption of Customer Ids due to "guest access" by pingalive.com, for now I'm hard coding, but it would be nice to have some hook for a plugin.
src\Libraries\Nop.Core\WebHelper.cs
public virtual bool IsSearchEngine(HttpRequestBase request)
{
...
result = request.Browser.Crawler;
if (!result)
{
//put any additional known crawlers in the Regex below for some custom validation
//var regEx = new Regex("Twiceler|twiceler|BaiDuSpider|baduspider|Slurp|slurp|ask|Ask|Teoma|teoma|Yahoo|yahoo");
//result = regEx.Match(request.UserAgent).Success;
result = "77.73.3.96,".Contains(request.UserHostAddress); //pingalive.com
}
...
Would you please add work item(s) to either implement Ip Blacklist or add some hooks so that it could be done with a plugin?
Also, same regarding IsSearchEngine(). To prevent consumption of Customer Ids due to "guest access" by pingalive.com, for now I'm hard coding, but it would be nice to have some hook for a plugin.
src\Libraries\Nop.Core\WebHelper.cs
public virtual bool IsSearchEngine(HttpRequestBase request)
{
...
result = request.Browser.Crawler;
if (!result)
{
//put any additional known crawlers in the Regex below for some custom validation
//var regEx = new Regex("Twiceler|twiceler|BaiDuSpider|baduspider|Slurp|slurp|ask|Ask|Teoma|teoma|Yahoo|yahoo");
//result = regEx.Match(request.UserAgent).Success;
result = "77.73.3.96,".Contains(request.UserHostAddress); //pingalive.com
}
...
- 7
- 45
- 3/25/2010
- United States
Wondering if Anyone else is MISSING the "Blacklist" feature. We have just launched on NOP 2.3 and Now our site gets hit ALL DAY long with traffic from China, India, etc.
Why would this feature be taken out of A Shopping Cart Solution, leaving Shopping Cart admin's like myself "Naked" with no solution to get Rid of this traffic.
If you currently have a NOP Solution running and make use of the Blacklist, I would NOT recommend upgrading to 2.X as there is NO easy to use menu on the Admin Back end to manage IP's and/or networks.
Why would this feature be taken out of A Shopping Cart Solution, leaving Shopping Cart admin's like myself "Naked" with no solution to get Rid of this traffic.
If you currently have a NOP Solution running and make use of the Blacklist, I would NOT recommend upgrading to 2.X as there is NO easy to use menu on the Admin Back end to manage IP's and/or networks.
- 1
- 2