Skip to main content

How To Block IP Addresses from your website using ASP.NET

To block IP address from your web application we used a HttpModule that could be reused in any ASP.NET application. When an IP address is blocked it stops the response and sends a “403 Forbidden” header. Even though it’s almost impossible to block someone from accessing your website, this is a simple way to make it much harder to do. For the regular web users this is probably enough to keep them out. IpBlockingModule.cs
using System;
using System.Web;
using System.Configuration;
using System.Collections.Specialized;

/// Block the response to certain IP addresses
public class IpBlockingModule : IHttpModule

    void IHttpModule.Dispose()
        // Nothing to dispose;

    void IHttpModule.Init(HttpApplication context)
        context.BeginRequest += new EventHandler(context_BeginRequest);

    /// Checks the requesting IP address in the collection
    /// and block the response if it's on the list.
    private void context_BeginRequest(object sender, EventArgs e)
        string ip = HttpContext.Current.Request.UserHostAddress;
        if (_IpAdresses.Contains(ip))
            HttpContext.Current.Response.StatusCode = 403;

    private static StringCollection _IpAdresses = FillBlockedIps();

    /// Retrieves the IP addresses from the web.config
    /// and adds them to a StringCollection.
    /// A StringCollection of IP addresses.
    private static StringCollection FillBlockedIps()
        StringCollection col = new StringCollection();

        string raw = ConfigurationManager.AppSettings.Get("blockip");
        raw = raw.Replace(",", ";");
        raw = raw.Replace(" ", ";");

        foreach (string ip in raw.Split(';'))

        return col;

Implementation Add IpBlockingModule.cs to the App_Code folder. Then add the following line to the <system.web> section of the web.config.
    <add type = "IpBlockingModule" name= "IpBlockingModule" />
Then add the IP addresses you want to block, separated by commas, to the appSettings in web.config.
    <add key = "blockip" value = ","/>


  1. hi Santhosh,

    I tried this code, it was working fine when i test in local system.

    but when i uploaded it, it was showing "500 - Internal server error."

    Can you tell me is there anything else to setup

    Thank you

  2. Hi RaHaNa
    check this url

  3. hi santhosh,

    Thank you for your reply, actually i was checking the same page about internal server error, that u gave me, then i got your response

    when i got that error , this part commented,in web.config. then error gone
    < httpModules >
    < add type = "IpBlockingModule" name = "IpBlockingModule" />
    < / httpModules >

    so the function in ipblockingmodule , may be this " context.BeginRequest += new EventHandler(context_BeginRequest);"

    is having the problem.(not srue)

    to solve this should we set something in server side, it can be done by the server side experts only? have any idea?



Post a Comment

Popular posts from this blog