3

I'm building a service that allows to enter activation keys in a desktop application, which will then call a web service to check the key and return a license. This call does not require authorization.

The web application is running as Azure "App Service". I'm afraid someone will be trying to "guess" activation keys and slow down my service. (I'm not afraid they will be able to correctly guess, they are long enough).

Do Azure WebApps have some kind of automatic rate-limiting or DOS-protection, or do I need to configure/code this myself?

If I have to do it myself, can you point me into the right direction?

B3ret
  • 597
  • 5
  • 19
  • 2
    [This](https://learn.microsoft.com/en-us/azure/api-management/api-management-sample-flexible-throttling) can be found by a simple search... – user3151902 Sep 15 '17 at 08:13
  • 1
    The search term I was missing was "throttling". Also, it does not say if Azure itself does any kind of very basic throttling or DOS-protection, if the described thing is not set up. – B3ret Sep 15 '17 at 08:15
  • 4
    The link titled 'This' does not even relate to the question, and SO should really contain the useful information instead of linking it. @user3151902 - do you have any knowledge about whether Azure Web Apps have some sort of DDoS protection? – Stoive May 01 '18 at 00:27

1 Answers1

-1

As far as I know, we could use Dynamic IP Restrictions in web app.

The Dynamic IP Restrictions Extension for IIS provides IT Professionals and Hosters a configurable module that helps mitigate or block Denial of Service Attacks or cracking of passwords through Brute-force by temporarily blocking Internet Protocol (IP) addresses of HTTP clients who follow a pattern that could be conducive to one of such attacks. This module can be configured such that the analysis and blocking could be done at the Web Server or the Web Site level.

About how to config this feature. We could remote connect to the azure web app IIS and set it.

enter image description here

About how to remote connect web app IIS, you could refer to this article.

More details, you could also refer to this blog.

Brando Zhang
  • 22,586
  • 6
  • 37
  • 65