防止ASP.NET Core中的拒绝服务(DoS)攻击的最佳实践 [英] Best practice for protecting against Denial of Service(DoS) attacks in ASP.NET Core

问题描述

我正在寻找有关ASP.NET Core Web应用程序拒绝服务(DoS)保护/缓解的最佳实践建议/指南(也许来自Microsoft?).

I'm looking for best practice advice/guidance (perhaps from Microsoft?) regarding denial of service (DoS) protection/mitigation for ASP.NET Core web applications.

到目前为止，我发现的主要两个选项是:

The main two options I have found so far are:

• AspNetCoreRateLimit (ASP.NET Core中间件)
• 动态IP限制(IIS模块-假定该站点是托管在IIS中.)

• AspNetCoreRateLimit (ASP.NET Core middleware)
• Dynamic IP Restrictions (IIS module - assuming the site is hosted in IIS).

在选择这些选项中的一个时，似乎有很多利弊，因此最好了解它们是什么，并且如果确实打算将AspNetCoreRateLimit与动态IP限制一起使用，则更好.是否.

It seems like there are a number of pros and cons to consider when choosing one of these options over the other, so it would be good to understand what those are, and indeed if AspNetCoreRateLimit is intended to be used alongside Dynamic IP Restrictions or not.

还请注意，AspNetCoreRateLimit不是Microsoft的ASP.NET Core版本的一部分，因此，我很想知道Microsoft的官方指南是什么.

Also note that AspNetCoreRateLimit is not part of ASP.NET Core releases from Microsoft, therefore I'm curious to know what Microsoft's official guidance is.

推荐答案

如果您有一个面向公众的网站并希望防止DDoS，最好在ASP Core应用之外进行.您应该调查诸如 ClouldFlare 之类的服务.

If you have a public facing website and want to prevent DDoS, doing it outside your ASP Core app would be the best method. You should investigate services like ClouldFlare.

这篇关于防止ASP.NET Core中的拒绝服务(DoS)攻击的最佳实践的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！