Deny ip address dynamically

Results 1 to 2 of 2

Thread: Deny ip address dynamically

  1. #1
    Marcus Lambert Guest

    Default Deny ip address dynamically

    Does anybody if there is a way of dynamically denying an IP address or Range in IIS 4.0. <BR>i.e if a user from an Ip address trys to brute force hack a password say 20 times it then adds that ip address to a deny list ??

  2. #2
    Join Date
    Dec 1969

    Default RE: Deny ip address dynamically

    sure.<BR><BR>use request.servervariables.<BR><BR>for each unacceptable act, by the user, set Session("WatchOut") to Session("WatchOut")+1 and do a quick check on its value if Session("WatchOut")&#062; the limit of unacceptable acts by a single user, pop his IP into a denied list (database, FSO, etc).<BR><BR>use a security scheme to compare a user&#039s IP to the denied list and deny access if it&#039s found there.<BR><BR>you could make this work across sessions, too, by logging unacceptable acts in a database by IP and counting them there...<BR><BR>kurt

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts