Added IP range support

Author: stefanprodan

WebApiThrottle.Demo/App_Start/WebApiConfig.cs

@@ -37,11 +37,11 @@ public static void Register(HttpConfiguration config)
                     IpThrottling = true,
                     IpRules = new Dictionary<string, RateLimits>
                     { 
-                        { "::1", new RateLimits { PerSecond = 2 } },
-                        { "192.168.0.1", new RateLimits { PerMinute = 30, PerHour = 30*60, PerDay = 30*60*24 } }
+                        { "::1/10", new RateLimits { PerSecond = 2 } },
+                        { "192.168.2.1", new RateLimits { PerMinute = 30, PerHour = 30*60, PerDay = 30*60*24 } }
                     },
                     //white list the "::1" IP to disable throttling on localhost for Win8
-                    IpWhitelist = new List<string> { "127.0.0.1" },
+                    IpWhitelist = new List<string> { "127.0.0.1", "192.168.0.0/24" },
 
                     //scope to clients (if IP throttling is applied then the scope becomes a combination of IP and client key)
                     ClientThrottling = true,

WebApiThrottle/IPAddressRange.cs

@@ -0,0 +1,156 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Net;
+using System.Runtime.Serialization;
+using System.Text;
+using System.Text.RegularExpressions;
+using System.Threading.Tasks;
+
+namespace WebApiThrottle
+{
+    /// <summary>
+    /// IP v4 and v6 range helper by jsakamoto
+    /// Fork from https://github.com/jsakamoto/ipaddressrange
+    /// </summary>
+    /// <example>
+    /// "192.168.0.0/24" 
+    /// "fe80::/10" 
+    /// "192.168.0.0/255.255.255.0" 
+    /// "192.168.0.0-192.168.0.255"
+    /// </example>
+    [Serializable]
+    public class IPAddressRange : ISerializable
+    {
+        public IPAddress Begin { get; set; }
+
+        public IPAddress End { get; set; }
+
+        public IPAddressRange()
+        {
+            this.Begin = new IPAddress(0L);
+            this.End = new IPAddress(0L);
+        }
+
+        public IPAddressRange(string ipRangeString)
+        {
+            // remove all spaces.
+            ipRangeString = ipRangeString.Replace(" ", "");
+
+            // Pattern 1. CIDR range: "192.168.0.0/24", "fe80::/10"
+            var m1 = Regex.Match(ipRangeString, @"^(?<adr>[\da-f\.:]+)/(?<maskLen>\d+)$", RegexOptions.IgnoreCase);
+            if (m1.Success)
+            {
+                var baseAdrBytes = IPAddress.Parse(m1.Groups["adr"].Value).GetAddressBytes();
+                var maskBytes = Bits.GetBitMask(baseAdrBytes.Length, int.Parse(m1.Groups["maskLen"].Value));
+                baseAdrBytes = Bits.And(baseAdrBytes, maskBytes);
+                this.Begin = new IPAddress(baseAdrBytes);
+                this.End = new IPAddress(Bits.Or(baseAdrBytes, Bits.Not(maskBytes)));
+                return;
+            }
+
+            // Pattern 2. Uni address: "127.0.0.1", ":;1"
+            var m2 = Regex.Match(ipRangeString, @"^(?<adr>[\da-f\.:]+)$", RegexOptions.IgnoreCase);
+            if (m2.Success)
+            {
+                this.Begin = this.End = IPAddress.Parse(ipRangeString);
+                return;
+            }
+
+            // Pattern 3. Begin end range: "169.258.0.0-169.258.0.255"
+            var m3 = Regex.Match(ipRangeString, @"^(?<begin>[\da-f\.:]+)-(?<end>[\da-f\.:]+)$", RegexOptions.IgnoreCase);
+            if (m3.Success)
+            {
+                this.Begin = IPAddress.Parse(m3.Groups["begin"].Value);
+                this.End = IPAddress.Parse(m3.Groups["end"].Value);
+                return;
+            }
+
+            // Pattern 4. Bit mask range: "192.168.0.0/255.255.255.0"
+            var m4 = Regex.Match(ipRangeString, @"^(?<adr>[\da-f\.:]+)/(?<bitmask>[\da-f\.:]+)$", RegexOptions.IgnoreCase);
+            if (m4.Success)
+            {
+                var baseAdrBytes = IPAddress.Parse(m4.Groups["adr"].Value).GetAddressBytes();
+                var maskBytes = IPAddress.Parse(m4.Groups["bitmask"].Value).GetAddressBytes();
+                baseAdrBytes = Bits.And(baseAdrBytes, maskBytes);
+                this.Begin = new IPAddress(baseAdrBytes);
+                this.End = new IPAddress(Bits.Or(baseAdrBytes, Bits.Not(maskBytes)));
+                return;
+            }
+
+            throw new FormatException("Unknown IP range string.");
+        }
+
+        protected IPAddressRange(SerializationInfo info, StreamingContext context)
+        {
+            var names = new List<string>();
+            foreach (var item in info) names.Add(item.Name);
+
+            Func<string, IPAddress> deserialize = (name) => names.Contains(name) ?
+                IPAddress.Parse(info.GetValue(name, typeof(object)).ToString()) :
+                new IPAddress(0L);
+
+            this.Begin = deserialize("Begin");
+            this.End = deserialize("End");
+        }
+
+        public bool Contains(IPAddress ipaddress)
+        {
+            if (ipaddress.AddressFamily != this.Begin.AddressFamily) return false;
+            var adrBytes = ipaddress.GetAddressBytes();
+            return Bits.GE(this.Begin.GetAddressBytes(), adrBytes) && Bits.LE(this.End.GetAddressBytes(), adrBytes);
+        }
+
+        public void GetObjectData(SerializationInfo info, StreamingContext context)
+        {
+            info.AddValue("Begin", this.Begin != null ? this.Begin.ToString() : "");
+            info.AddValue("End", this.End != null ? this.End.ToString() : "");
+        }
+    }
+
+    internal static class Bits
+    {
+        internal static byte[] Not(byte[] bytes)
+        {
+            return bytes.Select(b => (byte)~b).ToArray();
+        }
+
+        internal static byte[] And(byte[] A, byte[] B)
+        {
+            return A.Zip(B, (a, b) => (byte)(a & b)).ToArray();
+        }
+
+        internal static byte[] Or(byte[] A, byte[] B)
+        {
+            return A.Zip(B, (a, b) => (byte)(a | b)).ToArray();
+        }
+
+        internal static bool GE(byte[] A, byte[] B)
+        {
+            return A.Zip(B, (a, b) => a == b ? 0 : a < b ? 1 : -1)
+                .SkipWhile(c => c == 0)
+                .FirstOrDefault() >= 0;
+        }
+
+        internal static bool LE(byte[] A, byte[] B)
+        {
+            return A.Zip(B, (a, b) => a == b ? 0 : a < b ? 1 : -1)
+                .SkipWhile(c => c == 0)
+                .FirstOrDefault() <= 0;
+        }
+
+        internal static byte[] GetBitMask(int sizeOfBuff, int bitLen)
+        {
+            var maskBytes = new byte[sizeOfBuff];
+            var bytesLen = bitLen / 8;
+            var bitsLen = bitLen % 8;
+            for (int i = 0; i < bytesLen; i++)
+            {
+                maskBytes[i] = 0xff;
+            }
+            if (bitsLen > 0) maskBytes[bytesLen] = (byte)~Enumerable.Range(1, 8 - bitsLen).Select(n => 1 << n - 1).Aggregate((a, b) => a | b);
+            return maskBytes;
+        }
+
+    }
+}

WebApiThrottle/RateLimit.cs

@@ -6,6 +6,7 @@
 
 namespace WebApiThrottle
 {
+    [Serializable]
     public class RateLimits
     {
         public long PerSecond { get; set; }

WebApiThrottle/RequestIndentity.cs

@@ -9,6 +9,7 @@ namespace WebApiThrottle
     /// <summary>
     /// Stores the client ip, key and endpoint
     /// </summary>
+    [Serializable]
     public class RequestIndentity
     {
         public string ClientIp { get; set; }

WebApiThrottle/ThrottleCounter.cs

@@ -9,6 +9,7 @@ namespace WebApiThrottle
     /// <summary>
     /// Stores the initial access time and the numbers of calls made from that point
     /// </summary>
+    [Serializable]
     public struct ThrottleCounter
     {
         public DateTime Timestamp { get; set; }

WebApiThrottle/ThrottleLogEntry.cs

@@ -7,6 +7,7 @@
 
 namespace WebApiThrottle
 {
+    [Serializable]
     public class ThrottleLogEntry
     {
         public string RequestId { get; set; }

WebApiThrottle/ThrottlePolicy.cs

@@ -9,6 +9,7 @@ namespace WebApiThrottle
     /// <summary>
     /// Rate limits policy
     /// </summary>
+    [Serializable]
     public class ThrottlePolicy
     {
         /// <summary>

WebApiThrottle/ThrottlingHandler.cs

@@ -102,9 +102,10 @@ protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage reques
                         }
 
                         //enforce ip rate limit as is most specific 
-                        if (Policy.IpRules != null && Policy.IpRules.Keys.Contains(identity.ClientIp))
+                        string ipRule = null;
+                        if (Policy.IpRules != null && ContainsIp(Policy.IpRules.Keys.ToList(), identity.ClientIp, out ipRule))
                         {
-                            var limit = Policy.IpRules[identity.ClientIp].GetLimit(rateLimitPeriod);
+                            var limit = Policy.IpRules[ipRule].GetLimit(rateLimitPeriod);
                             if (limit > 0) rateLimit = limit;
                         }
 
@@ -150,7 +151,7 @@ private ThrottleCounter ProcessRequest(ThrottlePolicy throttlePolicy, RequestInd
 
             if (throttlePolicy.IpThrottling)
             {
-                if (throttlePolicy.IpWhitelist != null && throttlePolicy.IpWhitelist.Contains(throttleEntry.ClientIp))
+                if (throttlePolicy.IpWhitelist != null && ContainsIp(throttlePolicy.IpWhitelist, throttleEntry.ClientIp))
                 {
                     return throttleCounter;
                 }
@@ -232,6 +233,43 @@ protected IPAddress GetClientIp(HttpRequestMessage request)
             return null;
         }
 
+        private bool ContainsIp(List<string> ipRules, string clientIp)
+        {
+            var ip = IPAddress.Parse(clientIp);
+            if (ipRules != null && ipRules.Any())
+            {
+                foreach (var rule in ipRules)
+                {
+                    var range = new IPAddressRange(rule);
+                    if (range.Contains(ip)) return true;
+                }
+
+            }
+
+            return false;
+        }
+
+        private bool ContainsIp(List<string> ipRules, string clientIp, out string rule)
+        {
+            rule = null;
+            var ip = IPAddress.Parse(clientIp);
+            if (ipRules != null && ipRules.Any())
+            {
+                foreach (var r in ipRules)
+                {
+                    var range = new IPAddressRange(r);
+                    if (range.Contains(ip))
+                    {
+                        rule = r;
+                        return true;
+                    }
+                }
+
+            }
+
+            return false;
+        }
+
         private Task<HttpResponseMessage> QuotaExceededResponse(HttpRequestMessage request, string message)
         {
             return Task.FromResult(request.CreateResponse(HttpStatusCode.Conflict, message));

WebApiThrottle/WebApiThrottle.csproj

@@ -61,6 +61,7 @@
     <Reference Include="System.Xml" />
   </ItemGroup>
   <ItemGroup>
+    <Compile Include="IPAddressRange.cs" />
     <Compile Include="IThrottleLogger.cs" />
     <Compile Include="IThrottleRepository.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />