Edward Anil Joseph

PowerShell script to add IP ranges in bulk

We had several websites hosted on a Windows server, and there were regular attempts to hack those websites using SQL injection.
I needed a script to add IP addresses in bulk to a firewall rule on the Windows server.

Custom 500 error page

We have configured the web.config to show a custom 500 error page instead of the default one.
And in that custom 500 page, we have a script to log those errors and send us an email when that error occurs.
We use this for debugging or fixing issues with the application that we run.

This is the code in the web.config file that enables the custom error page:

<httpErrors>
 <remove statusCode="500" subStatusCode="100" />
 <error statusCode="500" subStatusCode="100" path="/iishelp/common/500-100.asp" responseMode="ExecuteURL" />
</httpErrors>

And in our "500-100.asp" (custom error page) we had the following code:

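' Get the details of the error that triggered this page
Set objASPError = Server.GetLastError()

' ALL_HTTP, POST and GET fields can contain cookies and passwords,
' so restrict who can read the e-mail and the error log table
strMessage = "HTTP Referrer : " & Request.ServerVariables("HTTP_REFERER") & vbCrLf & _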
            "URL : " & Request.ServerVariables("URL")  & vbCrLf & _
            "IP Address: " & Request.ServerVariables("REMOTE_ADDR") & vbCrLf & _
            "Browser: " & Request.ServerVariables("HTTP_USER_AGENT") & vbCrLf & _
            "Category: " & objASPError.Category & vbCrLf & _
            "Filename: " & objASPError.File & vbCrLf & _
            "ASP Code: " & objASPError.ASPCode & vbCrLf & _
            "Error Number: " & objASPError.Number & vbCrLf & _
            "Source: " & objASPError.Source & vbCrLf & _
            "Line Number: " & objASPError.Line & vbCrLf & _
            "Column: " & objASPError.Column & vbCrLf & _
            "Description: " & objASPError.Description & vbCrLf & _
            "ASP Description: " & objASPError.ASPDescription & vbCrLf & _
            "All HTTP: " & Request.ServerVariables("ALL_HTTP") & vbCrLf & _
            "POST Fields: " & Request.Form & vbCrLf & _
            "GET Fields: " & Request.QueryString & vbCrLf

This message is sent as an email and also logged in the error log table.
Using the IP address from the error message, we wanted to block the IP address range whenever we found some kind of hacking attempt on the website.

PowerShell Script

We were adding the IP address range manually to the Firewall rule.
For example, if the IP address was "157.55.39.12", we would add the whole range, "157.55.39.0/24", to the blocking Firewall rule.

But doing this manually was cumbersome.
So, we used this PowerShell script to add the IP address ranges to the Firewall rule automatically.

param (
    [Parameter(Mandatory = $true)]
    [string]
    $FirewallRuleName,

    [Parameter(Mandatory = $true)]
    [string[]]
    $NewIPs
)

# -Name matches the rule's Name property (its unique ID), not its DisplayName.
# Stop here if the rule does not exist instead of continuing with an empty value.
$firewallRule = Get-NetFirewallRule -Name $FirewallRuleName -ErrorAction Stop

$existingRemoteAddresses = (Get-NetFirewallAddressFilter -AssociatedNetFirewallRule $firewallRule).RemoteAddress

# Make sure the existing remote addresses are an array with one address per element
$existingRemoteAddressesArray = $existingRemoteAddresses -split ","

$updatedRemoteAddresses = $existingRemoteAddressesArray + $NewIPs

# Remove any leading or trailing spaces from the IP addresses and drop exact duplicates
$updatedRemoteAddresses = $updatedRemoteAddresses.Trim() | Select-Object -Unique

Set-NetFirewallRule -Name $FirewallRuleName -RemoteAddress $updatedRemoteAddresses -Confirm:$false

#Write-Output $updatedRemoteAddresses


The script was stored as "AddFirewall.ps1" in the folder "C:\PowerShellScripts".
It was called in PowerShell as follows:

cd C:\PowerShellScripts
.\AddFirewall.ps1 -FirewallRuleName "Block Other Server IP Addresses" -NewIPs "157.55.39.0/24", "5.255.231.0/24", "213.180.203.0/24", "207.46.13.0/24", "114.119.159.0/24", "114.119.133.0/24"

With this option we were able to add lots of IP address ranges to the Firewall rule to block offending IP Addresses.
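
The manual step described above (offending address to /24 range) can also be scripted. This is an added example, not part of the original post: the hypothetical function ConvertTo-BlockRange validates each address, skips loopback, private and never-block addresses, and returns de-duplicated /24 ranges. The function name, the -NeverBlock parameter and the sample addresses are assumptions.

```powershell
# Added example: offending IPv4 addresses -> de-duplicated /24 ranges for AddFirewall.ps1.
# ConvertTo-BlockRange, -NeverBlock and the sample addresses are assumptions, not from the post.
function ConvertTo-BlockRange {
    param (
        [Parameter(Mandatory = $true)]
        [string[]] $IPAddress,

        # Addresses whose /24 must never be blocked (for example your own admin hosts)
        [string[]] $NeverBlock = @()
    )

    # First three octets of each protected address, e.g. "203.0.113"
    $protected = foreach ($ip in $NeverBlock) { ($ip.Trim() -split '\.')[0..2] -join '.' }

    $ranges = foreach ($ip in $IPAddress) {
        $candidate = $ip.Trim()
        $parsed = $null

        # Dotted-quad IPv4 only; TryParse alone would also accept IPv6 and short forms like "1"
        if ($candidate -notmatch '^\d{1,3}(\.\d{1,3}){3}$' -or
            -not [System.Net.IPAddress]::TryParse($candidate, [ref] $parsed)) {
            Write-Warning "Skipping invalid IPv4 address: '$ip'"
            continue
        }

        $octets = $parsed.GetAddressBytes()
        $prefix = "$($octets[0]).$($octets[1]).$($octets[2])"

        # Loopback and RFC 1918 private ranges should not end up in an Internet block list
        $isInternal = ($octets[0] -in 10, 127) -or
            ($octets[0] -eq 172 -and $octets[1] -ge 16 -and $octets[1] -le 31) -or
            ($octets[0] -eq 192 -and $octets[1] -eq 168)

        if ($isInternal -or $prefix -in $protected) {
            Write-Warning "Not blocking protected address: $candidate"
            continue
        }

        "$prefix.0/24"
    }

    # Several offending IPs in the same /24 produce a single entry
    @($ranges | Select-Object -Unique)
}

# Constructed sample input; 203.0.113.50 stands in for an admin host
$offenders = '157.55.39.12', '157.55.39.200', '10.0.0.5', 'not-an-ip', '203.0.113.7'
$newRanges = ConvertTo-BlockRange -IPAddress $offenders -NeverBlock '203.0.113.50'
$newRanges
```

The resulting array can be passed to the script's -NewIPs parameter in place of the hand-typed list.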
