IP Firewall

[Gilroy]

I'm trying to determine the net result of using the IP Firewall security feature. I've provided the IP Firewall with a single IP address, then attempted to access the store from that IP, but full access is still granted.

I searched the UI codebase and could only see the BannedIPDataSource class referenced in:

\Admin\Orders\ViewOrder.aspx.cs(86)
\Admin\Store\Security\BlockedIPs.aspx(101)

Is this feature even used in 7.0.3?

Thanks, in advance, for the feedback.

[AbleMods]

My 7.0.3 install works fine with IP firewall. It immediately blocked my browser access to the site.

You won't find much in the UI code regarding the firewall. Most of it is handled in the HTTP handlers within the CommerceBuilder API dll files.

The net result of my test was a blank page. HTTP responded OK but no content was delivered to the browser.

[mazhar]

Yes its working. In fact prevention code is some where in back end. In order to test don't ban same IP which is used to host the application or Admin IP. Better ban IP of some other machine and then visit application using that machine.

[Gilroy]

Thanks! I was accessing our test site over a VPN. The IP address that AC was capturing was my VPN assigned IP. I had banned my local IP. That's why it wasn't working. I have a valid test now.

Is there any way to change the behavior? If we wanted to send the traffic to another custom page, is that possible?

[mazhar]

Try some IIS based redirection solution. Application throws 403 error code for a banned IP request so try handle that event via IIS.

[Gilroy]

Thanks!