阻止或限制不需要的流量到 Asp.Net Web 应用程序 [英] Block or limit unwanted traffic to Asp.Net Web Application
问题描述
我有一个面向一小群国际用户的 Asp.net 4.5 MVC Web 应用程序.应用中的所有功能仅对经过身份验证的用户可用,除登录页面外没有任何公开内容.
I have a Asp.net 4.5 MVC web application intended for a small group of international users. All functions available in the application are available to authenticated users only, there is no public content except for the login page.
有一段时间我有一个错误报告系统,如果发生未处理的错误,它会向我发送电子邮件.其中一些报告包括对页面的请求,这些页面明显是基于机器人的安全扫描以寻找漏洞.为了进一步研究这个问题,我安装了一个 ip 日志系统,我可以用它来将某些 ip 地址列入黑名单(并存储在数据库表中),然后使用 global.asax 中的 Application_BeginRequest() 方法返回 404对于来自列入黑名单的 ip 的请求.
For awhile I have had an error reporting system that emails me if an unhandled error occurs. Some of these reports include requests for pages that are obvious bot based security scans looking for holes. In an attempt to look at this problem further I installed an ip logging system that I could use to black list certain ip addresses (and store in a database table) and then use the Application_BeginRequest() method in the global.asax to return a 404 for a request from a blacklisted ip.
但是,我最近部署了该例程,现在看到我从数千个不同的 IP 地址扫描和寻找漏洞中获得了数千个不需要的点击.作为其中的一部分,我记录了请求的 url,最常见的一种如下所示:
However, I recently deployed the routine and now see i am getting thousands of unwanted hits from thousands of different ip address scanning and looking for holes. As part of this I record the requested url, one of the most common looks like the following:
/Account/SetCulture?culture=fr-FR&returnUrl=http%3A%2F%2Fwww.mellon-associates.com%2FUserProfile%2Ftabid%2F42%2FuserId%2F26403%2FDefault.aspx
/Account/SetCulture?culture=fr-FR&returnUrl=http%3A%2F%2Fwww.mellon-associates.com%2FUserProfile%2Ftabid%2F42%2FuserId%2F26403%2FDefault.aspx
returnUrl 参数有很多变化.这当然不起作用,因为应用程序不支持外部网址.
There are many variations on the returnUrl parameter. This doesn't work of course, as external urls are not supported by the application.
无论如何,我将非常感谢有关如何锁定此应用程序和主机服务器的一些建议.我将只使用白名单方法作为最后的手段,因为我不一定知道用户来自哪个 IP.
Regardless, I would greatly appreciate some suggestions on how I can lock down this application and the host server. I would use a white list only approach as a last resort as I don't necessarily know what ip a user is coming from.
谢谢,约翰
推荐答案
可以使用部分 IIS
You can use parts of IIS
- 请求过滤"用于锁定 url 中的任何部分.
- 针对基于请求频率的拒绝请求的动态 IP 限制".
- IP 地址白/黑名单的IP 地址和域限制".
这篇关于阻止或限制不需要的流量到 Asp.Net Web 应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
