JN.IpFilter – Simple IP Filter for ASP.NET Core

This is as simple IP Filter for ASP.NET Core. Provides an IP Filter for paths exposed by the application using a list of valid (allowed) IP addresses for each path. It is possible to allow access to one or more IP addresses per path and apply the filter to a specific HTTP method (POST, GET,…). If access is not allowed, an HTTP Forbidden (403) status code is returned, but this value can be overridden (see example below).

Current version

Current version is 1.1.0

Release notes for next version (in preparation)

• Added content to response; options object now has two new fields for specifying the content and the content type for the response.

Release notes for current version

• Update target framework to netstandard2.0

Release notes for version 1.0.1

• Changed default return HTTP status code to Forbidden (403)
• Added override option to return HTTP status code

To do list

Some new features will be added to future releases.

Planned features

• Deny access based on list of invalid (not allowed) IP addresses

Install

Download the package from NuGet:

Install-Package JN.IpFilter -version [version number]

The package is available here and source code is available here.

Usage

Use the UseIpFilter extension method to add the middleware inside the Configure method on the Startup class. This should be done before others middlewares are added.

The UseIpFilter extension method needs a list of filters and an options object that can be read from configuration.

Example

The following code shows an example of the Configure method.

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{

    // (...)

    var filters = Configuration.GetIpFilters("IpFilters");
    var options = Configuration.GetIpFilterOptions("IpFilterMiddlewareOptions");

    app.UseIpFilter(filters, options);

    //(...)
}

Options

The filters and options can be read from configuration. The appsettings.json file could be something like the following.

The default HTTP status code is Forbidden (403). It can be overridden in the options object by specifiying a new code in ResponseHttpStatusCode field.

Important

• The $remoteIp$ tag can be used in ResponseContent field to show the remote IP that is executing the request;
• The value * means that any IP address is allowed.

{
  "IpFilterMiddlewareOptions": {
    "ExactPathMatch": false,
    "LogRequests": true,
    "ApplyOnlyToHttpMethod": "", 
    "ResponseHttpStatusCode": 401,
    "ResponseContentType": "application/json",
    "ResponseContent": "{\"ip:\": \"$remoteIp$\", \"Description\": \"Error!!\" }"
  },
  "IpFilters": [
    {
      "Path": "/MyController",
      "IpList": "1.1.1.1;::1"
    },
    {
      "Path": "/MyController2",
      "IpList": "*"
    },
    {
      "Path": "/MyController3",
      "IpList": "2.2.2.2"
    }
  ],
}

The available options are as follows:

• ExactPathMatch – if false, then any filter whose path starts with the path being validated will be used to validate access. For example if path being validated is /MyController4 then filter with path /MyController can be used to validate the request IP. If true, this behaviour is not allowed.
• LogRequests – log requests using the ILogger provided
• ApplyOnlyToHttpMethod – apply filter to a specific Http method (POST, GET, …)
• ResponseHttpStatusCode – HTTP status code to return – optional; if not specified Forbidden (403) will be used.
• ResponseContentType – the content type for the response (Example: application/json); this is not mandatory.
• ResponseContent – the content for the response; special tag $remoteIp$ can be used here; this is not mandatory.

asp.net core filter ip