-1

Hi I have developed SPA web application in Angular. I am using VS2017 and I am using MVC template. I have deployed my app in azure. My project has some server side code as well. I have added below policy to restrict concurrent requests to my web application. Below code I added in web.config. I am running my project in localhost:1148 

 <security>
      <dynamicIpSecurity denyAction="Forbidden">
        <denyByRequestRate enabled="true" maxRequests="4" requestIntervalInMilliseconds="2000"/>
        <denyByConcurrentRequests enabled="true" maxConcurrentRequests="4"/>
      </dynamicIpSecurity>
 </security>

I want to test the above rule applied in localhost. I want to know Is it possible to test in above rule in localhost? When there are more then 4 concurrent requests O want to display forbidden. Can someone help me to test this? Any help would be appreciated. Thank you

Niranjan
  • 537
  • 2
  • 14
  • 31
  • Have you tried to publish your application to local IIS? Make sure the IP security is included in your IIS. And test it with fiddler or CRTRL+ F5 to refresh the page. – Tom Sun - MSFT Jun 21 '18 at 03:16
  • I have deployed in azure not in iis. How can i tes in this case? – Niranjan Jun 22 '18 at 03:52

1 Answers1

1

You also could test it with Filddler or other tool.For more details,please refer to the screenshot. You could test it by click the [Excute] quickly.

enter image description here

Tom Sun - MSFT
  • 24,161
  • 3
  • 30
  • 47
  • Thanks. I tried as you said. But my website never goes down. I tried quickly executing around 150 times. As per my above code my website supposed to go down right? – Niranjan Jun 23 '18 at 15:23
  • Yes, you are right. It should block your client Ip for a while. Based on my test, if I set it in the Webconfig, then it works correctly. In your case, I recommand that you could have a try to use Xdt transform and test it again and don't forget to reboot the WebApp after Xdt transform. – Tom Sun - MSFT Jun 25 '18 at 01:08
  • Thanks. Can i test it in localhost? – Niranjan Jun 25 '18 at 02:32
  • If you want to test it with local IIS, you need to make sure the IP security is included in your IIS, more details please refer to this [link](https://learn.microsoft.com/en-us/iis/get-started/whats-new-in-iis-8/iis-80-dynamic-ip-address-restrictions). – Tom Sun - MSFT Jun 25 '18 at 02:40
  • I am running on iis express which is provided by default with VS2017. Can i do it in iis express too? – Niranjan Jun 25 '18 at 02:53
  • I came to office and tested and as per your first answer after five six successful attempts i started to get 403 error in fiddler. I hope I am on correct way. But how long my ip will be blocked? When i open website i got You do not have permission to view this directory or page. – Niranjan Jun 25 '18 at 03:12
  • Thanks for your help. Could you tell me how long my ip address will be blocked? – Niranjan Jun 25 '18 at 03:15
  • Based on my understanding,according to your requestIntervalInMilliseconds and maxRequests setting. Usually, dynamicIpSecurity is used for protecting your app against DDOS – Tom Sun - MSFT Jun 25 '18 at 03:20