diff --git a/Core/IPBanConfigWindowsEventViewer.cs b/Core/IPBanConfigWindowsEventViewer.cs
index 2c2045fe..bf806c1f 100644
--- a/Core/IPBanConfigWindowsEventViewer.cs
+++ b/Core/IPBanConfigWindowsEventViewer.cs
@@ -145,10 +145,18 @@ public string Keywords
}
}
- public string GetQueryString(int id = 1)
+ public void AppendQueryString(StringBuilder builder, int id = 1)
{
ulong keywordsDecimal = ulong.Parse(Keywords.Substring(2), NumberStyles.AllowHexSpecifier, CultureInfo.InvariantCulture);
- return "";
+ builder.Append("");
}
public void SetExpressionsFromExpressionsText()
diff --git a/Core/IPBanMemoryFirewall.cs b/Core/IPBanMemoryFirewall.cs
index d21d4bd2..cae55391 100644
--- a/Core/IPBanMemoryFirewall.cs
+++ b/Core/IPBanMemoryFirewall.cs
@@ -256,7 +256,7 @@ public bool Contains(UInt128 ipv6UInt128)
private readonly Dictionary blockRules = new Dictionary();
private readonly MemoryFirewallRule allowRule = new MemoryFirewallRule();
- public string RulePrefix { get; set; }
+ public string RulePrefix { get; set; } = "IPBan_";
private string ScrubRuleNamePrefix(string ruleNamePrefix)
{
@@ -390,8 +390,8 @@ public IEnumerable GetRuleNames(string ruleNamePrefix = null)
{
yield return key;
}
- if (prefix.StartsWith(RulePrefix, StringComparison.OrdinalIgnoreCase) ||
- prefix.StartsWith(RulePrefix + "Allow", StringComparison.OrdinalIgnoreCase))
+ if (RulePrefix.StartsWith(prefix, StringComparison.OrdinalIgnoreCase) ||
+ RulePrefix.StartsWith(prefix + "Allow", StringComparison.OrdinalIgnoreCase))
{
yield return RulePrefix + "Allow";
}
diff --git a/Core/IPBanService.cs b/Core/IPBanService.cs
index 8d141440..0c8e2f2a 100644
--- a/Core/IPBanService.cs
+++ b/Core/IPBanService.cs
@@ -1297,7 +1297,6 @@ public static T CreateAndStartIPBanTestService(string directory = null, strin
string configFilePath = Path.Combine(directory, configFileName);
string configFileText = File.ReadAllText(configFilePath);
configFilePath += ".tmp";
- configFileText = configFileText.Replace("", "");
if (configFileModifier != null)
{
configFileText = configFileModifier(configFileText);
diff --git a/IPBanTests/IPBanConfigTests.cs b/IPBanTests/IPBanConfigTests.cs
index a775e88e..35e8da4d 100644
--- a/IPBanTests/IPBanConfigTests.cs
+++ b/IPBanTests/IPBanConfigTests.cs
@@ -152,7 +152,7 @@ public void TestDefaultConfig()
Assert.AreEqual("IPBan_", cfg.FirewallRulePrefix);
Assert.AreEqual(TimeSpan.FromSeconds(1.0), cfg.MinimumTimeBetweenFailedLoginAttempts);
Assert.IsEmpty(cfg.ProcessToRunOnBan);
- Assert.IsFalse(cfg.UseDefaultBannedIPAddressHandler); // the create and start test service forces this false, it is true otherwise in production by default
+ Assert.IsTrue(cfg.UseDefaultBannedIPAddressHandler);
Assert.IsEmpty(cfg.UserNameWhitelist);
Assert.IsEmpty(cfg.WhiteList);
Assert.IsEmpty(cfg.WhiteListRegex);
diff --git a/IPBanTests/IPBanMemoryFirewallTests.cs b/IPBanTests/IPBanMemoryFirewallTests.cs
index 4e57fa41..4f6d18b8 100644
--- a/IPBanTests/IPBanMemoryFirewallTests.cs
+++ b/IPBanTests/IPBanMemoryFirewallTests.cs
@@ -27,7 +27,7 @@ public void BasicTest()
f.BlockIPAddresses("TestRule", new IPAddressRange[] { range }, new PortRange[0]);
string[] banned = f.EnumerateBannedIPAddresses().ToArray();
IPAddressRange[] banned2 = f.EnumerateIPAddresses("TestRule").ToArray();
-
+ Assert.AreEqual(0, f.GetRuleNames("CB").Count());
Assert.IsTrue(f.IsIPAddressAllowed(allowIP));
Assert.IsFalse(f.IsIPAddressBlocked(allowIP));
Assert.IsFalse(f.IsIPAddressBlocked(otherIP));
diff --git a/Windows/IPBanWindowsEventViewer.cs b/Windows/IPBanWindowsEventViewer.cs
index 30737509..72bbf006 100644
--- a/Windows/IPBanWindowsEventViewer.cs
+++ b/Windows/IPBanWindowsEventViewer.cs
@@ -28,6 +28,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
using System.Diagnostics.Eventing.Reader;
using System.Globalization;
using System.IO;
+using System.Text;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using System.Xml;
@@ -228,8 +229,8 @@ private string GetEventLogQueryString(List ignored)
return null;
}
+ StringBuilder queryString = new StringBuilder("");
int id = 0;
- string queryString = "";
HashSet logNames = new HashSet(System.Diagnostics.Eventing.Reader.EventLogSession.GlobalSession.GetLogNames());
foreach (EventViewerExpressionGroup group in service.Config.WindowsEventViewerExpressionsToBlock.Groups)
{
@@ -241,12 +242,12 @@ private string GetEventLogQueryString(List ignored)
}
else
{
- queryString += group.GetQueryString(++id);
+ group.AppendQueryString(queryString, ++id);
}
}
- queryString += "";
+ queryString.Append("");
- return queryString;
+ return queryString.Length < 32 ? null : queryString.ToString();
}
private void SetupEventLogWatcher()
@@ -255,7 +256,7 @@ private void SetupEventLogWatcher()
{
List ignored = new List();
string queryString = GetEventLogQueryString(ignored);
- if (queryString != previousQueryString)
+ if (queryString != null && queryString != previousQueryString)
{
IPBanLog.Warn("Event viewer query string: {0}", queryString);
foreach (string path in ignored)