What is The best way of preventing the distributed denial-of-service and denial-of-service attacks in ASP.Net core?
How to handle protection in the request pipeline or separate middleware?
Asked
Active
Viewed 6,567 times
1 Answers
4
Apart from the obvious mitigation you can (and should) implement before the requests reach your application (e.g. in the web server itself), there are a number of ways to implement so-called request throttling in your pipeline.
Luckily, you don't need to re-invent the wheel. There are myriad NuGet packages and open-source projects that address this and that you can learn from.
The essence of it is, that you intercept the incoming requests and persist things like request URI and IP while cross-checking a request-per-time-unit limit and imposing a cool-down period when needed.
Needless to say, you'd put this as far up in your application's request pipeline as possible.
The following isn't a software recommendation but more of an example to learn about how this sort of middleware can be built. It really isn't that hard to grasp the basics of the process from it.
Wim Ombelets
- 5,097
- 3
- 39
- 55
-
Ok. as you say the web servers can do that. for example, the IIS web server handles this problem with Dynamic IP Restrictions. I'm going to handle this problem with a package But I can't find a useful package for this problem. – Iman Bahrampour Nov 28 '18 at 11:15
-
I'd go over to software recommendations SE for that as this is beyond the scope of SO – Wim Ombelets Nov 28 '18 at 11:40