Web.config位置中的IIS动态IP限制 [英] IIS Dynamic IP restrictions in web.config location

问题描述

我正在尝试使用 IIS动态IP限制来来自同一IP的节流请求。如果我从IIS UI编辑动态限制设置，我运行模块并且请求被很好地限制。这很好，但我需要在不同的URL上有不同的费率。登录应该比静态资源更严格。我正在尝试在web.config中使用 locations 来实现此目的。

I'm trying to use IIS Dynamic IP Restrictions to throttle requests from the same IP. I have the module running and the requests are nicely throttled if I edit the dynamic restrictions settings from the IIS UI. This is nice however I need to have different rates on different URLs. Login should be for example more strict than static resources. I'm trying to use locations in web.config to achieve this.

<configuration>
  <location path="foo">
  <system.webServer>   
    <security>     
      <dynamicIpSecurity enableLoggingOnlyMode="true">       
         <denyByRequestRate enabled="true" maxRequests="1" 
            requestIntervalInMilliseconds="5000" />
      </dynamicIpSecurity>
   </security>  
  </system.webServer> 
  </location>
</configuration>

不幸的是，这不适用。我很确定它与我的应用程序无关，因为它在带有一个HTML文件的静态Web上也不起作用。我也非常确定位置路径是正确的，因为如果我添加 ...< deny users =*/> ，则会阻止请求。

Unfortunately, this doesn't apply. I'm quite sure it has nothing to do with my app because it doesn't work also on a static web with one HTML file. I'm also quite sure that the location path is correct, because the requests are blocked if I add ...<deny users="*" />.

推荐答案

这是不可能的。从模块描述：

This is not possible. From the module description:

可以配置此模块，以便可以在Web服务器上完成分析和阻止
或网站级别。

This module can be configured such that the analysis and blocking could be done at the Web Server or the Web Site level.

在内部，这是作为HttpModule（原生的HttpModule）实现的。 HttpModule针对每个请求运行 - 位置不会影响它们。如需参考，请查看
使用HTTPModule排除某些页面

Internally this is implemented as HttpModule (native HttpModule that is). HttpModule runs for every single request - location doesn't affect them. For reference check out Exclude certain pages from using a HTTPModule

所以你唯一的其他选择（如果你需要支持这个确切的模块）就是将你的网站组织成几个迷你应用程序。

So your only other option (if you need to support this exact module) is to organize your site to several mini-applications instead.

喜欢

/ - > root web application

/ -> root web application

/ Content - > web具有静态内容的应用程序

/Content -> web application with static content

/登录 - >具有登录功能的Web应用程序

/Login -> web application with login functionality

并且在每个迷你应用程序中使用适当的规则创建web.config。

And in every single mini-application create web.config with appropriate rules.

这篇关于Web.config位置中的IIS动态IP限制的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！