.NET IP Filter Extensions

Use this type of extension to implement a custom IP filtering scheme. The server calls a method in your class to find out whether or not a particular IP address should be allowed or denied.

Creating a .NET IP Filter Extension

General instructions on building CompleteFTP .NET extensions may be found here.

.NET IP Filter Extension classes must implement the EnterpriseDT.Net.FtpServer.Core.IPFilter interface, which has one method:

IPFilterAction GetFilterAction(IPAddress address)

The IPAddress argument is the IP address of the client attempting to make a connection. The return-value can have any of three values: 1) IPFilterAction.Deny will deny the connection, 2) IPFilterAction.Allow will allow the connection, unless it has been auto-banned due to excessive authentication failures, and 3) IPFilterAction.AllowAlways will allow the connection irrespective of the number of authentication failures.

Example

Below is the source code for an IP Filter which supports denying the IP address if it is not from Australia.

using System;
using System.IO;
using System.Net;
using System.Text.RegularExpressions;

using EnterpriseDT.Net.FtpServer.Core;

namespace TestIPFilter
{
    public class TestIPFilter : IIPFilter
    {
        private string reason;

        public IPFilterAction GetFilterAction(IPAddress address)
        {
            var accessKey = "//access key";

            var httpWebRequest = (HttpWebRequest)WebRequest.Create("http://api.ipstack.com/"
                + address + "?access_key=" + accessKey + "&format=1");
            httpWebRequest.ContentType = "application/json";
            httpWebRequest.Method = "GET";

            var httpResponse = (HttpWebResponse)httpWebRequest.GetResponse();
            using (var streamReader = new StreamReader(httpResponse.GetResponseStream()))
            {
                var result = streamReader.ReadToEnd();
                if (GetCountryCode(result) == "AU")
                {
                    reason = null;
                    return IPFilterAction.Allow;
                }
                else
                {
                    reason = "Outside Australia";
                    return IPFilterAction.Deny;
                }
            }
        }

        private string GetCountryCode(string result)
        {
            var match = Regex.Match("\"country_code\":[ \t]*\"([^\"])+\"", result);
            return match.Success ? match.Groups[1].Value : null;
        }

        public string Reason => reason;

        public void Initialize(IPlugInInfo info)
        {
        }

        public void Dispose()
        {
        }
    }
}
		

Note: To get the access key (which is applied in the example code), please visit this service ipstack.com.

The following example shows the way to apply the code above:

  1. Add the example code 1 into the .NET IP Filter Extension in the Extensions panel of the CompleteFTP Manager.
  2. From the second server, connect to server 1. It will not connect successfully.