How To Block IP Addresses from your website using ASP.NET

To block IP address from your web application we used a HttpModule that could be reused in any ASP.NET application. When an IP address is blocked it stops the response and sends a “403 Forbidden” header. Even though it’s almost impossible to block someone from accessing your website, this is a simple way to make it much harder to do. For the regular web users this is probably enough to keep them out. IpBlockingModule.cs
using System;
using System.Web;
using System.Configuration;
using System.Collections.Specialized;

/// Block the response to certain IP addresses
public class IpBlockingModule : IHttpModule

    void IHttpModule.Dispose()
        // Nothing to dispose;

    void IHttpModule.Init(HttpApplication context)
        context.BeginRequest += new EventHandler(context_BeginRequest);

    /// Checks the requesting IP address in the collection
    /// and block the response if it's on the list.
    private void context_BeginRequest(object sender, EventArgs e)
        string ip = HttpContext.Current.Request.UserHostAddress;
        if (_IpAdresses.Contains(ip))
            HttpContext.Current.Response.StatusCode = 403;

    private static StringCollection _IpAdresses = FillBlockedIps();

    /// Retrieves the IP addresses from the web.config
    /// and adds them to a StringCollection.
    /// A StringCollection of IP addresses.
    private static StringCollection FillBlockedIps()
        StringCollection col = new StringCollection();

        string raw = ConfigurationManager.AppSettings.Get("blockip");
        raw = raw.Replace(",", ";");
        raw = raw.Replace(" ", ";");

        foreach (string ip in raw.Split(';'))

        return col;

Implementation Add IpBlockingModule.cs to the App_Code folder. Then add the following line to the <system.web> section of the web.config.
    <add type = "IpBlockingModule" name= "IpBlockingModule" />
Then add the IP addresses you want to block, separated by commas, to the appSettings in web.config.
    <add key = "blockip" value = ","/>

Post a Comment


  1. hi Santhosh,

    I tried this code, it was working fine when i test in local system.

    but when i uploaded it, it was showing "500 - Internal server error."

    Can you tell me is there anything else to setup

    Thank you

  2. Hi RaHaNa
    check this url

  3. hi santhosh,

    Thank you for your reply, actually i was checking the same page about internal server error, that u gave me, then i got your response

    when i got that error , this part commented,in web.config. then error gone
    < httpModules >
    < add type = "IpBlockingModule" name = "IpBlockingModule" />
    < / httpModules >

    so the function in ipblockingmodule , may be this " context.BeginRequest += new EventHandler(context_BeginRequest);"

    is having the problem.(not srue)

    to solve this should we set something in server side, it can be done by the server side experts only? have any idea?



Please do not post any spam link in the comment box😊


Close Menu