Geek asks and answers

ASP.NET Web Application Prevents Denial of Service Attacks

What tools or methods can I use to protect my ASP.NET web application from denial of service attacks

+3
source share
3 answers

Try the dynamic IP extension http://www.iis.net/download/dynamiciprestrictions

Not an ideal solution, but it helps to raise the bar =)

+3
source

This is a wide area, so if you can be more specific about your application or the level of threat you are trying to protect against, I’m sure more people can help you.

, , , Squid: http://www.blyon.com/using-squid-proxy-to-fight-ddos/, Dynamic IP Restriction ( ), , - , -, / . , , DDOS .

+3

, - DOS, , , IIS, , - , , dos.

FIFO (First In First Out), Queue, , .

, , :

public class AntiDosAttack
{
  readonly static List<IpObject> items = new List<IpObject>();

  public static void Monitor(int Capacity, int Seconds2Keep, int AllowedCount)
  {
    string ip = HttpContext.Current.Request.UserHostAddress;

    if (ip == "")
    return;

    // This part to exclude some useful requesters
    if(HttpContext.Current.Request.UserAgent != null && HttpContext.Current.Request.UserAgent == "Some good bots")
      return;

    // to remove old requests from collection
    int index = -1;
    for (int i = 0; i < items.Count; i++)
    {

      if ((DateTime.Now - items[i].Date).TotalSeconds > Seconds2Keep)
      {
        index = i;
        break;
      }
    }

    if (index > -1)
    {
      items.RemoveRange(index, items.Count - index);
    }

    // Add new IP
    items.Insert(0, new IpObject(ip));

    // Trim collection capacity to original size, I could not find a better reliable way
    if (items.Count > Capacity)
    {
      items.RemoveAt(items.Count - 1);
    }

    // Count of currect IP in collection
    int count = items.Count(t => t.IP == ip);

    // Decide on block or bypass
    if (count > AllowedCount)
    {
      // alert webmaster by email (optional)
      ErrorReport.Report.ToWebmaster(new Exception("Blocked probable ongoing ddos attack"), "EvrinHost 24 / 7 Support - DDOS Block", "");

      // create a response code 429 or whatever needed and end response
      HttpContext.Current.Response.StatusCode = 429;
      HttpContext.Current.Response.StatusDescription = "Too Many Requests, Slow down Cowboy!";
      HttpContext.Current.Response.Write("Too Many Requests");
      HttpContext.Current.Response.Flush(); // Sends all currently buffered output to the client.
      HttpContext.Current.Response.SuppressContent = true;  // Gets or sets a value indicating whether to send HTTP content to the client.
      HttpContext.Current.ApplicationInstance.CompleteRequest(); // Causes ASP.NET to bypass all events and filtering in the HTTP pipeline chain of execution and directly execute the EndRequest event.
    }
  }

  internal class IpObject
  {
    public IpObject(string ip)
    {
      IP = ip;
      Date = DateTime.Now;
    }

    public string IP { get; set; }
    public DateTime Date { get; set; }
  }
}

.

, DOS Attack , - , , Session_Start.

:

protected void Session_Start(object sender, EventArgs e)
{
   // numbers can be tuned for different purposes, this one is for a website with low requests
   // this means: prevent a request if exceeds 10 out of total 30 in 2 seconds
   AntiDosAttack.Monitor(30, 2, 10);
}

, , .

I don’t know if there is a better solution to block intentional attacks on the website, so I appreciate any comments and suggestions for improving the code. By then, I consider it best practice to prevent DOS programs on ASP.NET websites.

+1
source

More articles:


All Articles