JSON 负载字段的 IIS 8 块请求
IIS 8 block request by JSON payload fields
我有一个 MVC.NET 4 网络服务器,它接受带有 JSON 格式字符串作为请求数据的 HTTP POST 请求。
我想在请求到达服务器之前在 IIS 级别添加一条规则,以阻止某些正则表达式对该 JSON 字符串的请求。这可能吗?
既然你说了:
I want it to be in the IIS level to void more load of the the web
server level needing to create another thread for each request. The
reason I want to block some request is that they are not relevant to
my app anymore, the come in high load and I cannot stop them from the
clients side
您有 2 个选择:
- 请求过滤
- URL重写
请研究 IIS 7.0 Request Filtering and URL Rewriting article carefully to know the most important things about them. If your selection would be first one with highest priority, The <denyQueryStringSequences> 在涵盖某些过滤要求的地方会有用。要使用 regex,您需要使用第二个。以下示例规则可以停止处理 <rewrite>:
下的请求
<rule name="Block Bad Request Strings" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAny" trackAllCaptures="false">
<add input="{QUERY_STRING}" pattern="id=([^\"]*[^-]?>)|(?:[^\w\s]\s*\\/>)|(?:>\") />
</conditions>
<action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission" />
</rule>
有关详细信息,请参阅 URL Rewrite Module Configuration Reference
我认为创建和添加自定义 Http Module 可以解决您的问题。响应 BeginRequest 和 EndRequest 事件的每个请求都会调用 HTTP 模块。
我有一个 MVC.NET 4 网络服务器,它接受带有 JSON 格式字符串作为请求数据的 HTTP POST 请求。 我想在请求到达服务器之前在 IIS 级别添加一条规则,以阻止某些正则表达式对该 JSON 字符串的请求。这可能吗?
既然你说了:
I want it to be in the IIS level to void more load of the the web server level needing to create another thread for each request. The reason I want to block some request is that they are not relevant to my app anymore, the come in high load and I cannot stop them from the clients side
您有 2 个选择:
- 请求过滤
- URL重写
请研究 IIS 7.0 Request Filtering and URL Rewriting article carefully to know the most important things about them. If your selection would be first one with highest priority, The <denyQueryStringSequences> 在涵盖某些过滤要求的地方会有用。要使用 regex,您需要使用第二个。以下示例规则可以停止处理 <rewrite>:
<rule name="Block Bad Request Strings" stopProcessing="true">
<match url=".*" />
<conditions logicalGrouping="MatchAny" trackAllCaptures="false">
<add input="{QUERY_STRING}" pattern="id=([^\"]*[^-]?>)|(?:[^\w\s]\s*\\/>)|(?:>\") />
</conditions>
<action type="CustomResponse" statusCode="403" statusReason="Forbidden: Access is denied." statusDescription="You do not have permission" />
</rule>
有关详细信息,请参阅 URL Rewrite Module Configuration Reference
我认为创建和添加自定义 Http Module 可以解决您的问题。响应 BeginRequest 和 EndRequest 事件的每个请求都会调用 HTTP 模块。