Recently, one of my readers asked me how to block certain IP addresses from accessing his ASP.NET website. It was a good question that could be answered in multiple correct ways. My answer was a plug ‘n play HttpModule that could be reused in any ASP.NET application. When an IP address is blocked it stops the response and sends a “403 Forbidden” header.

Even though it’s almost impossible to block someone from accessing your website, this is a simple way to make it much harder to do. For the regular web users this is probably enough to keep them out.


Download the IpBlockingModule.cs below and add it to the App_Code folder. Then add the following line to the <system.web> section of the web.config.

< httpModules >

< add type = " IpBlockingModule " name = " IpBlockingModule " />

</ httpModules >

Then add the IP addresses you want to block, separated by commas, to the appSettings in web.config.

< appSettings >

< add key = " blockip " value = ", " />

</ appSettings >


IpBlockingModule.zip (0,76 KB)