IIS 中的请求速率限制 url
Request Rate Limiting in IIS by url
在我的应用程序中,我想限制服务器处理对我网站登录页面的请求,如果请求增加了特定数量,那么 IIS 应该在一段时间内阻止该 IP 地址。我已经使用了 IIS 'IP Address and Domain Restrictions' 功能,但如果请求来自登录页面而不是我网站上的任何其他页面和操作,我想阻止该请求。我们如何使用 IIS 实现此目的?
IIS IP 限制只能用于网站级别。您不能为特定控制器或文件夹设置动态 IP 限制。
所以建议改用自定义httpmodule。您可以在此代码中添加一个过滤器,以便 httpmodule 仅验证您登录页面的命中数。
CS1
public class UrlReWrite : IHttpModule
{
private int rowCount = Convert.ToInt32(ConfigurationManager.AppSettings["HttpRowCount"]);
private int httpTime = Convert.ToInt32(ConfigurationManager.AppSettings["HttpTime"]);
public void Init(HttpApplication application)
{
application.BeginRequest += (new
EventHandler(this.Application_BeginRequest));
application.EndRequest += (new
EventHandler(this.Application_EndRequest));
}
private void Application_BeginRequest(Object source, EventArgs e)
{
HttpApplication Application = (HttpApplication)source;
HttpContext ctx = Application.Context;
string isIp = ctx.Request.UserHostAddress;
if (ctx.Application["time"] == null)
{
ctx.Application["time"] = DateTime.Now;
}
else
{
DateTime isTime = (DateTime)ctx.Application["time"];
int timeTract = Convert.ToInt32(DateTime.Now.Subtract(isTime).Minutes.ToString());
if (timeTract > (httpTime - 1))
{
ctx.Application["time"] = null;
ctx.Application["myip"] = null;
}
}
if (ctx.Application["myip"] != null && ctx.Application["myip"] is CartIp)
{
CartIp cartIp = (CartIp)ctx.Application["myip"];
cartIp.Insert(isIp);
ctx.Application["myip"] = cartIp;
if (cartIp.GetCount(isIp) > rowCount)
{
ctx.Response.Clear();
ctx.Response.Close();
}
}
else
{
CartIp cartIp = new CartIp();
cartIp.Insert(isIp);
HttpContext.Current.Application["myip"] = cartIp;
}
}
private void Application_EndRequest(Object source, EventArgs e)
{
}
public void Dispose()
{
}
}
}
class2.cs
[Serializable]
public class ListIp
{
private string ip;
private int count;
public string IP
{
get { return ip; }
set { ip = value; }
}
public int Count
{
get { return count; }
set { count = value; }
}
}
[Serializable]
public class CartIp
{
public CartIp()
{
if (_listIp == null)
{
_listIp = new List<ListIp>();
}
}
private List<ListIp> _listIp;
public List<ListIp> _ListIp
{
get { return _listIp; }
set { _listIp = value; }
}
public void Insert(string ip)
{
int indexof = ItemLastInfo(ip);
if (indexof == -1)
{
ListIp item = new ListIp();
item.IP = ip;
_listIp.Add(item);
}
else
{
_listIp[indexof].Count += 1;
}
}
public int ItemLastInfo(string ip)
{
int index = 0;
foreach (ListIp item in _ListIp)
{
if (item.IP == ip)
{
return index;
}
index += 1;
}
return -1;
}
/// <summary>
/// get number of IP address
/// </summary>
/// <param name="ip"></param>
/// <returns></returns>
public int GetCount(string ip)
{
foreach (ListIp item in _ListIp)
{
if (item.IP == ip)
{
return item.Count;
}
}
return -1;
}
}
web.config
<appSettings>
<add key="HttpRowCount" value="100"/>
<add key="HttpTime" value="10"/>
</appSettings>
您只需要创建一个 class 库。然后复制并修改这些代码以实现您的要求。最后,需要将release dll复制到bin文件夹下,通过IIS管理器->站点节点->模块->添加托管模块导入。
https://www.cnblogs.com/Fooo/archive/2013/01/27/2878820.html
在我的应用程序中,我想限制服务器处理对我网站登录页面的请求,如果请求增加了特定数量,那么 IIS 应该在一段时间内阻止该 IP 地址。我已经使用了 IIS 'IP Address and Domain Restrictions' 功能,但如果请求来自登录页面而不是我网站上的任何其他页面和操作,我想阻止该请求。我们如何使用 IIS 实现此目的?
IIS IP 限制只能用于网站级别。您不能为特定控制器或文件夹设置动态 IP 限制。 所以建议改用自定义httpmodule。您可以在此代码中添加一个过滤器,以便 httpmodule 仅验证您登录页面的命中数。
CS1
public class UrlReWrite : IHttpModule
{
private int rowCount = Convert.ToInt32(ConfigurationManager.AppSettings["HttpRowCount"]);
private int httpTime = Convert.ToInt32(ConfigurationManager.AppSettings["HttpTime"]);
public void Init(HttpApplication application)
{
application.BeginRequest += (new
EventHandler(this.Application_BeginRequest));
application.EndRequest += (new
EventHandler(this.Application_EndRequest));
}
private void Application_BeginRequest(Object source, EventArgs e)
{
HttpApplication Application = (HttpApplication)source;
HttpContext ctx = Application.Context;
string isIp = ctx.Request.UserHostAddress;
if (ctx.Application["time"] == null)
{
ctx.Application["time"] = DateTime.Now;
}
else
{
DateTime isTime = (DateTime)ctx.Application["time"];
int timeTract = Convert.ToInt32(DateTime.Now.Subtract(isTime).Minutes.ToString());
if (timeTract > (httpTime - 1))
{
ctx.Application["time"] = null;
ctx.Application["myip"] = null;
}
}
if (ctx.Application["myip"] != null && ctx.Application["myip"] is CartIp)
{
CartIp cartIp = (CartIp)ctx.Application["myip"];
cartIp.Insert(isIp);
ctx.Application["myip"] = cartIp;
if (cartIp.GetCount(isIp) > rowCount)
{
ctx.Response.Clear();
ctx.Response.Close();
}
}
else
{
CartIp cartIp = new CartIp();
cartIp.Insert(isIp);
HttpContext.Current.Application["myip"] = cartIp;
}
}
private void Application_EndRequest(Object source, EventArgs e)
{
}
public void Dispose()
{
}
}
}
class2.cs
[Serializable]
public class ListIp
{
private string ip;
private int count;
public string IP
{
get { return ip; }
set { ip = value; }
}
public int Count
{
get { return count; }
set { count = value; }
}
}
[Serializable]
public class CartIp
{
public CartIp()
{
if (_listIp == null)
{
_listIp = new List<ListIp>();
}
}
private List<ListIp> _listIp;
public List<ListIp> _ListIp
{
get { return _listIp; }
set { _listIp = value; }
}
public void Insert(string ip)
{
int indexof = ItemLastInfo(ip);
if (indexof == -1)
{
ListIp item = new ListIp();
item.IP = ip;
_listIp.Add(item);
}
else
{
_listIp[indexof].Count += 1;
}
}
public int ItemLastInfo(string ip)
{
int index = 0;
foreach (ListIp item in _ListIp)
{
if (item.IP == ip)
{
return index;
}
index += 1;
}
return -1;
}
/// <summary>
/// get number of IP address
/// </summary>
/// <param name="ip"></param>
/// <returns></returns>
public int GetCount(string ip)
{
foreach (ListIp item in _ListIp)
{
if (item.IP == ip)
{
return item.Count;
}
}
return -1;
}
}
web.config
<appSettings>
<add key="HttpRowCount" value="100"/>
<add key="HttpTime" value="10"/>
</appSettings>
您只需要创建一个 class 库。然后复制并修改这些代码以实现您的要求。最后,需要将release dll复制到bin文件夹下,通过IIS管理器->站点节点->模块->添加托管模块导入。
https://www.cnblogs.com/Fooo/archive/2013/01/27/2878820.html