IP Address Filtering and Restriction System

This example acts as an IP filter for your website. You can block single IPs or spans of IP's (like entire dsl networks, etc...) to accomodate an annoying user's hiccuping IP address. This system is production level and works on any asp file in any IIS website with no recoding. Implemented completely in JScript and allows an unlimited number of IP addresses or spans of IPs to be blocked via blocked IP rules stored in a database.

• site denial by ip address range or single IP
• allows unlimited number of denial rules to be created
• rules can be enabled/disabled on the fly
• violators logged by rule
• accepted ip's logged for future blocking
• optional backdoor for testing (to prevent accidental lockout) with customizable password
• allows custom "you've been restricted" page
• site lockout option - allows only one specified IP address access to the entire website (for maintenance, redesign, etc...) and denies all other IP's.
• specific server login enforced on sites with more than one name or IP.
• full web-based administration console
• fully compatible with sql server or ms access (sql server preferred)
• bulk restriction rule addition: add up to 15 new rules at a time
• rules can be added, modified or deleted on the fly
• YOU DON'T NEED TO RECODE OR ADD CODE TO ANY OF YOUR ASP FILES TO PROTECT THEM

This system is almost too powerful... Make sure to use the backdoor option when you are playing around with this... If you lock yourself out, you'll need to go into your site via FTP and manually alter the configuration page otherwise. Try not to block system addresses like 0.0.0.0 or 255.255.255.255. I don't think this app operates high enough in the system to really block vital processes from comm-ing with IIS but who really wants to find out.

This system is meant for those who have somewhat of a grasp on TCP/IP communications. You can screw yourself over with this system (not really, but if you don't know what you're doing - it may cause you quite a panic if you lock yourself out...) so be fore-warned that it is recommended for advanced users only.

Its implemented completely in JScript for ASP. It uses the session_onstart event handler to enforce entry rules. When any user comes into your website and hits an asp page for the first time, that user's IP address will be checked against every rule you have created. If either the exact address or the ip falls within an IP range you've explicitly denied access to, they will be automatically redirected to a restricted page and their session is abandoned. This means that if someone is restricted, the next page request will cause the same authorization scheme to work again, always denying access to the site. If a user is not denied access, the IP filtering is transparent to them and they are allowed to view the website normally. This is an easy way to annoy the people that are annoying your website.

1. Download the package
   
   
2. Unzip it into the root of your website, keeping the directory structure intact (check for files that exist of the same name on the root (especially index.asp and global.asa - the index.asp file on the root can be renamed, the global.asa's contents must be placed into the already existing global.asa file at the top. See the FAQ below for details. I recommend creating a completely new server space while testing on a developmental server (IIS 5/ASP 3.0/Win 2k MINIMUM) and then after fooling around with it for a while, combining it into your already existing production site (WHICH MUST BE RUNNING IIS 5/ASP 3.0/Win 2k MINIMUM).
   
   
3. You will need to modify the configuration file the first time before you use your website. The file you'll need to update is: http://yoursite.com/IPADMIN/etc/config/config.asp. When you open it up the first time (from FTP), it will look something like this:

   <SCRIPT LANGUAGE="JScript" RUNAT="SERVER">
   //This is an automatically generated file... do not modify
   var CONNSTRING = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\\IPRestMaster.mdb;";
   var USE_BACKDOOR = false;
   var BACKDOOR_PASSWORD = "mr stevenson";
   var CONNUSER = "";
   var UNLOCKED_FOR_IP = "";
   var CONNPASS = "";
   var LOGIN_SERVER_NAME = "127.0.0.1";
   var LOG_ALL = true;
   var RESTRICTED_PATH = "/restricted.asp";
   var LOCK_SITE = false;
   var MAX_LOGIN_ATTEMPTS = 3;
   var LOGON_USER = "bill";
   var LOGON_PWD = "food";
   </SCRIPT>
   

   You will need to configure each variable according to your needs. This needs to be done only once. The administration area will automatically change the asp file itself via the interface after you initially set everything up. Here's a reference to what each variable means:
   
   database
   rules are stored, processed and searched in a database. The following 3 variables control database settings:

   CONNSTRING string
   database connection string
   
   CONNUSER string
   database account
   
   CONNPASS string
   database account password
   
   

   restriction
   The web, by default, allows anyone in. The sole purpose of this app is to place boundaries on what is considered to be desirable traffic by whoever is administrating that particular copy of the IP Restriction system. Any IP addresses in your database of bad IP banks are automatically redirected to another page whenever they request a page on your site with an ASP extension.

   RESTRICTED_PATH string
   If the page to redirect to is on the same virtual server space as the IP restriction system, the RESTRICTED_PATH variable must be a VIRTUAL PATH to the restricted page. For example: "/restricted.asp" is an acceptable path.
   
   LOG_ALL boolean
   This will log any IPs NOT restricted, only if set to true. This does not affect offending IP logging. Whenever a bad IP is encountered, it is logged and restricted. That feature cannot be turned off. This controls only good IP logging.

   backdoor
   This system has a completely built in backdoor option that can be turned on or off via the administration console. The backdoor should be disabled in live production systems but during testing can be used to prevent lockout if you accidently restrict your IP.

   USE_BACKDOOR boolean
   Setting this to true enables the backdoor option. When backdoor is enabled, a password box is displayed instead of the restriction page to anyone who is restricted.
   
   BACKDOOR_PASSWORD string
   password that will unlock the system when USE_BACKDOOR is set to true and your IP is blocked by a restriction rule.
   
   LOGIN_SERVER_NAME string
   backdoor works only for this server (if server has multiple identities - otherwise use the default name like "aspemporium.com" or whatever your site's name is... IPs are allowed as well). Sometimes the same server can be resolved to different names or IP addresses. For example 216.87.163.130, euphoriatech.com and aspemporium.com are all pointing to the same site. You can allow the backdoor to only work for a certain server name/IP. This is a paranoia feature... If your site has 10 .com addresses associated with it, pick 1 and that one is the only address that will accept a backdoor login. The other server names will ignore the form input and cracking software will work eternally as there is no password that works for any other server but the specified one although the backdoor form is displayed for all... Think of it like that house in California that has staircases leading nowhere and doors that open into walls... A tricky backdoor...
   
   MAX_LOGIN_ATTEMPTS number - int
   maximum number of times that a user is allowed to enter a password into the backdoor form - currently does nothing - UNUSED - but must be included and set to an integer value greater than 0 or the system will fail.

   website lock
   included just for fun is a lockout function. This will deny access to your entire site (ASP files only) to anyone except for one IP address. This option is handy if you need to do some quick maintenance but don't want anyone on the site while it's being done, etc. I'm sure someone will think of a cool use for it.

   LOCK_SITE boolean
   If set to true, will lock site to everyone but one IP address specified in UNLOCKED_FOR_IP.
   
   UNLOCKED_FOR_IP string
   The IP address specified here is the only IP address on Earth allowed to access any ASP page on the server. Only takes effect if LOCK_SITE is set to true.

   administrative login
   to access any of the administrative functions of the IP restriction system, you must first login.

   LOGON_USER string
   Admin user account.
   
   LOGON_PWD string
   Admin user password.

4. After changing the config file, if you are using SQL Server ONLY, you must open this file: /IPADMIN/etc/master_inc.asp
   
   The first 5 lines of the file look like this:

   <!-- #INCLUDE VIRTUAL = "/IPADMIN/etc/config/config.asp" -->
   
   <SCRIPT LANGUAGE=JScript RUNAT=SERVER>
   //set this variable to false if NOT using MS Access as the database
   //for this example...
   var IMUSINGMSACCESS = true;
   

   You must change the IMUSINGMSACCESS variable to false to properly use this system with SQL Server.
   
   
5. Navigate to your site via a browser. The IP Restriction web administration area can be navigated to using the following path: http://site.com/IPADMIN/index.asp. Once there, you must login. After logging in, you can administrate IP restriction on the website... Use http://www.network-tools.com/'s Network Lookup option to find netblock addresses of dsl or dialup providers that are accomodating annoyance users once you gather their IP's from your server's log files (that guy that keeps looking for the IISAdmin and IISSamples dirs and the _vti_inf.htm file on my site seems prime for total website denial... so do people who write jibberish in the forum more than once). The denial possibilities are endless and I've provided you with a way to taunt a restricted user by sending them to a special restricted file... Who could ask for anything better?
   
   
6. Installation complete. Make sure the backdoor option is enabled by clicking on the configuration option in the IPadmin area. I will most definitely be slow to respond to pleas for help because you locked yourself out so use the backdoor - that's what it's there for! Once you get a feel for how it works, you can remove the backdoor option and then the restriction is as good as it's gonna get... which is pretty good surprisingly. Hammer on it, test it, call your friends and hit it up. It should stand up well, especially when run using SQL Server as the primary database (Access is weak and won't work for a medium to high traffic site - probably won't work for a low traffic site either... the MS Access is provided solely for testing purposes - don't send me email talking about the access db cause I'll trash it.).

If you are planning on using the IP Restriction system on SQL Server (which is a good thing), this script will be handy for you to set up the proper table structure that is required. There are four tables.

/****** Object:  Table [dbo].[permitted_IP_log]    
	Script Date: 6/11/2001 7:10:54 AM ******/
if exists (select * from sysobjects where id = 
	object_id(N'[dbo].[permitted_IP_log]') and 
	OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[permitted_IP_log]
GO

/****** Object:  Table [dbo].[restricted_IP_banks]    
	Script Date: 6/11/2001 7:10:54 AM ******/
if exists (select * from sysobjects where id = 
	object_id(N'[dbo].[restricted_IP_banks]') and 
	OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[restricted_IP_banks]
GO

/****** Object:  Table [dbo].[restricted_IP_log]    
	Script Date: 6/11/2001 7:10:54 AM ******/
if exists (select * from sysobjects where id = 
	object_id(N'[dbo].[restricted_IP_log]') and 
	OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[restricted_IP_log]
GO

/****** Object:  Table [dbo].[restricted_IP_types]    
	Script Date: 6/11/2001 7:10:54 AM ******/
if exists (select * from sysobjects where id = 
	object_id(N'[dbo].[restricted_IP_types]') and 
	OBJECTPROPERTY(id, N'IsUserTable') = 1)
drop table [dbo].[restricted_IP_types]
GO

/****** Object:  Table [dbo].[permitted_IP_log]    
	Script Date: 6/11/2001 7:10:56 AM ******/
CREATE TABLE [dbo].[permitted_IP_log] (
	[ID] [int] IDENTITY (1, 1) NOT NULL ,
	[logTimestamp] [datetime] NOT NULL ,
	[IP] [char] (15) NULL ,
	[referer] [varchar] (255) NULL 
)
GO

/****** Object:  Table [dbo].[restricted_IP_banks]    
	Script Date: 6/11/2001 7:10:59 AM ******/
CREATE TABLE [dbo].[restricted_IP_banks] (
	[rule_ID] [int] IDENTITY (1, 1) NOT NULL ,
	[Bank_Start_IP] [char] (15) NULL ,
	[Bank_End_IP] [char] (15) NULL ,
	[Restricted_Since] [datetime] NOT NULL ,
	[IsRestricted] [bit] NOT NULL ,
	[RestrictDescription] [varchar] (255) NULL ,
	[RestrictionTypeID] [int] NOT NULL 
)
GO

/****** Object:  Table [dbo].[restricted_IP_log]    
	Script Date: 6/11/2001 7:11:02 AM ******/
CREATE TABLE [dbo].[restricted_IP_log] (
	[ID] [int] IDENTITY (1, 1) NOT NULL ,
	[rule_ID] [int] NOT NULL ,
	[logTimestamp] [datetime] NOT NULL ,
	[IP] [char] (15) NULL ,
	[referer] [varchar] (255) NULL 
)
GO

/****** Object:  Table [dbo].[restricted_IP_types]    
	Script Date: 6/11/2001 7:11:05 AM ******/
CREATE TABLE [dbo].[restricted_IP_types] (
	[RestrictionTypeID] [int] IDENTITY (1, 1) NOT NULL ,
	[RestrictionName] [varchar] (255) NOT NULL 
)
GO

ALTER TABLE [dbo].[permitted_IP_log] WITH NOCHECK ADD 
	 PRIMARY KEY  CLUSTERED 
	(
		[ID]
	)  ON [PRIMARY] 
GO

ALTER TABLE [dbo].[restricted_IP_banks] WITH NOCHECK ADD 
	 PRIMARY KEY  CLUSTERED 
	(
		[rule_ID]
	)  ON [PRIMARY] 
GO

ALTER TABLE [dbo].[restricted_IP_log] WITH NOCHECK ADD 
	 PRIMARY KEY  CLUSTERED 
	(
		[ID]
	)  ON [PRIMARY] 
GO

ALTER TABLE [dbo].[restricted_IP_types] WITH NOCHECK ADD 
	 PRIMARY KEY  CLUSTERED 
	(
		[RestrictionTypeID]
	)  ON [PRIMARY] 
GO

ALTER TABLE [dbo].[permitted_IP_log] WITH NOCHECK ADD 
	CONSTRAINT [DF__permitted__logTi__4C0144E4] 
		DEFAULT (getdate()) FOR [logTimestamp]
GO

ALTER TABLE [dbo].[restricted_IP_banks] WITH NOCHECK ADD 
	CONSTRAINT [DF__restricte__Restr__4EDDB18F] 
		DEFAULT (getdate()) FOR [Restricted_Since],
	CONSTRAINT [DF__restricte__IsRes__4FD1D5C8] 
		DEFAULT (1) FOR [IsRestricted]
GO

ALTER TABLE [dbo].[restricted_IP_log] WITH NOCHECK ADD 
	CONSTRAINT [DF__restricte__logTi__52AE4273] 
		DEFAULT (getdate()) FOR [logTimestamp]
GO

 CREATE  INDEX [permIPlog_1] ON 
	[dbo].[permitted_IP_log]([IP]) ON [PRIMARY]
GO

 CREATE  INDEX [restIPbank_1] ON 
	[dbo].[restricted_IP_banks]([Bank_Start_IP]) ON [PRIMARY]
GO

 CREATE  INDEX [restIPbank_2] ON 
	[dbo].[restricted_IP_banks]([Bank_End_IP]) ON [PRIMARY]
GO

 CREATE  INDEX [restIPbank_3] ON 
	[dbo].[restricted_IP_banks]([RestrictionTypeID]) ON [PRIMARY]
GO

 CREATE  INDEX [restIPlog_1] ON 
	[dbo].[restricted_IP_log]([rule_ID]) ON [PRIMARY]
GO

 CREATE  INDEX [restIPlog_2] ON 
	[dbo].[restricted_IP_log]([IP]) ON [PRIMARY]
GO

It should fly on SQL Server.

Whats the detailed order of execution when the session_onstart event handler is executed?

How does the backdoor work?

Why doesn't the system block my html pages?

What is the exact directory structure used by the IP restriction system?

I already have a global.asa. What do I do?

I have this one persistant annoying user always on my site and I want to block his/her access. He's/She's always using a different IP address... How do I block him/her?

All of my site is written in VBScript. Can I still use this?

I've disabled the backdoor option and accidently blocked my IP address and now I can't view my site's content... How do I fix this?

What would I use a system like this for?

I get an error when I modify the configuration of the IP restriction software via the interface...

How can I get a copy of the database in MS Access 97 format?

I'm running Windows 98. The code doesn't work for me.

I installed it and followed all the instructions. Where do I go to administrate the IP restrictor?

I get an "INCLUDE reference not found" error when I access my server after installing the IP restriction system. How to fix?

Does the custom restriction page have any requirements?

How do I add my own code to this thing, to enhance the base functionality?



Whats the detailed order of execution when the session_onstart event handler is executed?
[top]

First the IP restriction system checks to see if the lock site option is enabled. If it is, the site is locked and the site down message is displayed unless the user's IP was specifically allowed access before hand via the admin console.
Next, the system checks to see if the backdoor option is enabled. If it is, the backdoor password box is displayed to allow an admin to disable the rule preventing their access.
Finally, if the lock site option is disabled and the backdoor option is disabled, the ip is checked against the database of restricted IPs (aka rules).
If the IP is found conflicting with a rule, the offending ip is logged along with the referer, the rule being enforced and a timestamp. The user is always redirected to the restricted page.
If the IP is not found, the event can be logged (configurable) and the user is allowed access to the site. The entire process is transparent to a user if they are not being restricted.

How does the backdoor work?
[top]

The backdoor will enter the database of rules and disable the rule that is blocking your specific IP address. It does not delete the rule. If there is more than one rule affecting your IP address, you will have to login multiple times as the backdoor program as currently implemented only can disable one rule at a time. The backdoor will work only if all of the following criteria is met:

1. The backdoor option is enabled
2. The server specified in the "Backdoor Login Server Name" option matches the server you are contacting exactly
3. The password you enter exactly matches the password specified in the "Backdoor password" option.

Remember that it's not a good idea to enable the backdoor in a production system. The backdoor is meant for testing only. It will allow anyone in who brute forces it to determine the password.

Why doesn't the system block my html pages?
[top]

This system blocks ASP pages only. The session_onstart event in the global.asa does not execute if the page being executed is not an ASP page. This is by design in ASP and cannot be changed. Re-name your pages as ASP if they're important.

What is the exact directory structure used by the IP restriction system?
[top]

The default package comes as follows:

/global.asa
/index.asp
/restricted.asp
/IPADMIN/index.asp
/IPADMIN/admin/index.asp
/IPADMIN/admin/quit.asp
/IPADMIN/admin/rules/index.asp
/IPADMIN/admin/rules/remove.asp
/IPADMIN/admin/rules/toggle.asp
/IPADMIN/admin/rules/add/add.asp
/IPADMIN/admin/rules/add/add2.asp
/IPADMIN/admin/rules/edit/edit.asp
/IPADMIN/admin/rules/edit/edit2.asp
/IPADMIN/admin/rules/logs/clearlog.asp
/IPADMIN/admin/rules/logs/clearpermlog.asp
/IPADMIN/admin/rules/logs/permitted.asp
/IPADMIN/admin/config/alterconfig.asp
/IPADMIN/admin/config/changeconfig.asp
/IPADMIN/admin/config/configsaved.asp
/IPADMIN/admin/config/getconfig.asp
/IPADMIN/etc/master_inc.asp
/IPADMIN/etc/backdoor/backdoor.asp
/IPADMIN/etc/config/config.asp
/IPADMIN/etc/config/good_config.asp
/IPADMIN/etc/config/lastconfig2.asp
/IPADMIN/etc/config/backups/lastconfig2.asp
/IPADMIN/etc/db/IPRestMaster.mdb
/IPADMIN/etc/login/auth.asp

I already have a global.asa. What do I do?
[top]

1.)
In your global.asa file, above the <SCRIPT> tags, place this #INCLUDE FILE reference:

<!-- #INCLUDE VIRTUAL = "/IPADMIN/etc/master_inc.asp" -->

(It will work no matter what scripting engine your global.asa is currently using).

2.)
Alter the session_onstart event handler.
If there is no session_onstart event handler in your global.asa file, put one in. The correct syntax is:
JScript:

function Session_OnStart() {

}

VBScript:

Sub Session_OnStart()

End Sub

copy the following lines out of the global.asa's session_onstart procedure provided in the IP restriction download:

Session("restricted") = true;
Session("attempts") = 0;
Session("adminLoggedIn") = false;
authAgent();

If your global.asa's session_onstart event is empty and written in JScript, you can just add the lines above to the Session_OnStart procedure.
If your Session_OnStart event handler already has code in it and is written in JScript, place the lines above before anything else in that procedure so that the authAgent() procedure will execute before any other asp code.
Follow the same instructions for VBScript event handlers but use these lines in place of the JScript-specific lines displayed above:

Session("restricted") = True
Session("attempts") = 0
Session("adminLoggedIn") = False
authAgent()

I have this one persistant annoying user always on my site and I want to block his/her access. He's always using a different IP address... How do I block him/her?
[top]

The user is probably a dialup or dsl user that has a fresh IP address hiccupped to them whenever they restart their connection. The IP Restriction system was made with this specific idea in mind. First, gather that user's IP address from either the permitted IP log (if enabled) or even better, the IIS logs and take it to http://www.network-tools.com/
Select the "Network Lookup" radio button and type the IP Address into the input below the radio buttons, then click Submit. Network tools will do an ARIN db lookup to find the network that that particular IP lives on... For example, if the IP from your log is 64.252.123.101, you'll get something back similar to this:

whois.arin.net 64.252.123.101

SNET Internet (SBCIS East) (NETBLK-SNET-CIDR002)
   27 Butler St.
   Meriden, CT 06451
   US

   Netname: SNET-CIDR002
   Netblock: 64.252.0.0 - 64.252.255.255
   Maintainer: SNT

All providers have dedicated netblocks associated with themselves. A dsl user from SNET internet for example will always be hiccupped an IP in this range: 64.252.0.0 - 64.252.255.255. If your annoying user consistently attacks your site from an IP address within this block, you can disallow any viewing of your site to anyone in that block. Simply add a rule and in the "IP Start Range or single IP to block" field type: "64.252.0.0" and in the "IP End Range to block" type: "64.252.255.255". Give it a descriptive name like: "block all SNET DSL users" and then toggle the "Restriction Type" select box to "IP Address Range" and click the Add Restrictions button. Now any time any user from SNET DSL attempts to access your site, the offender will be logged and the user will sent to the restricted page, regardless of their hiccupped IP, assuming they have not changed providers. Efficient and annoying (for the denied user)!

All of my site is written in VBScript. Can I still use this?
[top]

Yes. Follow the instructions here to change the global.asa if your site has one: I already have a global.asa. What do I do?
The other files can be placed directly on to your server and used as is. You don't need to change any existing files.

I've disabled the backdoor option and accidently blocked my IP address and now I can't view my site's content... How do I fix this?
[top]

Oops. You'll never do that again. FTP into your site's root folder. Navigate to /IPADMIN/etc/config/config.asp and open it up. It will look something like this:

<SCRIPT LANGUAGE="JScript" RUNAT="SERVER">
//This is an automatically generated file... do not modify
var CONNSTRING = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=D:\\IPRestMaster.mdb;";
var USE_BACKDOOR = false;
var BACKDOOR_PASSWORD = "mr stevenson";
var CONNUSER = "";
var UNLOCKED_FOR_IP = "";
var CONNPASS = "";
var LOGIN_SERVER_NAME = "127.0.0.1";
var LOG_ALL = true;
var RESTRICTED_PATH = "/restricted.asp";
var LOCK_SITE = false;
var MAX_LOGIN_ATTEMPTS = 3;
var LOGON_USER = "bill";
var LOGON_PWD = "food";
</SCRIPT>

Change the USE_BACKDOOR variable to true and the BACKDOOR_PASSWORD to something you'll remember. Re-save the file on the server exactly where it was.
Re-navigate to your site (as specified in the LOGIN_SERVER_NAME variable from config.asp) and enter the backdoor password you wrote in config.asp. The rule affecting your IP will be disabled and you will be allowed access to the site.
Go into the admin console, change the configuration to disallow the backdoor, save the configuration, and finally, change the rule affecting your IP (or leave it disabled) so that you wont be restricted next time.

What would I use a system like this for?
[top]

If you don't know why you need it, you probably don't need it. This app is designed for the anal administrator who wants to strictly control website content access by blocking individual or entire netblocks of IP addresses.

I get an error when I modify the configuration of the IP restriction software...
[top]

Refresh the page. Sometime a conflict will occur but 99% of the time, the config file will be saved properly. If the config file gets corrupted or still doesnt work, navigate to the /IPADMIN/etc/config/backups/ directory and grab the lastconfig2.asp file and re-name it as config.asp. That will restore settings to right before they were modified. You can then either modify config.asp directly or use the admin interface to change the software configuration when your site has less traffic.

How can I get a copy of the database in MS Access 97 format?
[top]

You can't unless you manually convert it yourself. MS Access 97 is even more un-reliable than MS Access 2000 when used to power a database driven website. Besides, there is no reason for you to modify the db directly. The IPAdmin interface handles all database interaction.

I'm running Windows 98. The code doesn't work for me.
[top]

No kidding. Read the minimum requirements.

I installed the system and followed all the instructions. Where do I go to administrate the IP restrictor?
[top]

1. navigate to:
   http://site.com/IPADMIN/index.asp
2. type in the user name and password you specified in /IPADMIN/etc/config/config.asp. The variables holding this information is LOGON_USER and LOGON_PWD. If you didn't change from the default, the user name is "bill" and the password is "food".
3. you're in! After successfully logging in, you can administrate the system.

I get an "INCLUDE reference not found" error when I access my server after installing the IP restriction system. How to fix?
[top]

You messed up the directory structure when you unzipped it into your server space. The package must be installed into the root folder of your virtual server space or it won't work. Re-install everything. Make sure to be weary about conflicts such as files already existing on your server with the same name. You can rename the index.asp file (from the IP restrictor download package) on the root to something else but if you already have a global.asa, you need to consult the special 'I already have a global.asa' instructions above. If you already have an IPADMIN folder on the root of your site, your gonna have to recode almost every procedure and page in the package...

I recommend initially installing this system in a fresh virtual server space... That is, a new root folder with nothing in it, running on win 2k with IIS 5 and ASP 3 (anything less won't do it for this example). There will probably be a period of adjustment when you first install the system until you get used to administrating it... USE THE BACKDOOR AT FIRST while you are adjusting to the system. If you lock out your IP and you forgot to enable the backdoor - don't panic, just see the FAQ entry above. Definitely don't send a plea for help via the feedback area to me because it may be a while before I get to it (besides I covered that problem above in the FAQ so I'll just end up sending you a link to this file anyways).

While you are adjusting to the system, you'll begin to understand more of how the system works and after you feel as though you are ready, migrate it to your production site. If you're nervous, back everything up first...

Does the custom restriction page have any requirements?
[top]

Yes. The custom restriction page must be located somewhere in your virtual server space. The page must be named with the .asp extension and must contain the following code near the top of the page:

JScript:

<%
Session.Abandon();
Session("Restricted") = true;
%>

VBScript:

<%
Session.Abandon
Session("Restricted") = True
%>

How do I add my own code to this thing, to enhance the base functionality?
[top]

All of the procedures that the IPRestrictor uses can be found in this file on your server:
/IPADMIN/etc/master_inc.asp.

There are 24 procedures, all are written in JScript. This file is included into all IPADMIN pages and the global.asa page on the root of your site. For that last reason, all code in the master_inc.asp file must be surrounded by SCRIPT tags and not the percent signs we're all more familiar with...

Put any new procedures in this file and they become almost like APIs that can be called in any file that the master_inc.asp file is included into. In other words, I recommend you put any new procedures in the master_inc.asp file just to keep everything together...

1.0
initial release on May 1, 2001.

-ADO Library 2.5 or higher
-Scripting Runtime Library with proper permissions for the virtual server
-JScript Runtime v5.5 or better
-Windows 2000 running IIS 5 and ASP 3.0 (WILL NOT WORK WITH ASP 2.0 AND IIS 4 OR PWS/Win 98/95!!!)
-A bunch of IPs to restrict.

There are no known bugs.

You are bound to the ASP Emporium source code license if you or any other member of your family can be considered annoying by common standards, or if you have touched, thought about, used, modified or deconstructed this code in any way mentioned or unmentioned. Failure to obey the license will land you in a small room with bars and I'll be there to annoy you with geek talk for eternity.

http://www.aspemporium.com/license.aspx

It is important for you to know that documentation for the IP restriction system starts and ends on this page. If you are having trouble using the system and have read every-single word of this document, then you may use one of the following means to ask for help. If your question is answered in this document, I will not respond.

1. Try the ASP Emporium example forum: If you're screwed, the forum is a good place to find help:
   http://www.aspemporium.com/forum.aspx
   
   
2. Common error library: look through a bunch of categorized error messages and find the one that's throwing you.
   http://www.aspemporium.com/support.aspx
   
   
3. Send feedback: ask me for help if you can't find it anywhere else. Don't bother to write urgent or respond immediately... I do oldest/easiest requests first.
   http://www.aspemporium.com/feedback.aspx