在IIS中通过URL限制请求速率

gijlo24d  于 2023-03-30  发布在  其他
关注(0)|答案(2)|浏览(127)

在我的应用程序中,我想限制请求到我的网站的登录页面由服务器处理,如果请求增加了特定的数字,那么IIS应该阻止该IP地址一段时间。我已经通过了IIS的IP地址和域限制功能,但我想阻止请求,如果请求来登录页面,而不是任何其他页面和操作我的网站。如何使用IIS实现这一点?

iis

2条答案

按热度按时间
sauutmhj

sauutmhj1#

IIS IP限制只能用于站点级别。您不能为特定的控制器或文件夹设置动态IP限制。因此建议使用自定义httpmodule。您可以在此代码中添加一个过滤器,以便httpmodule只验证登录页面的命中数。
CS1

public class UrlReWrite : IHttpModule
        {

            private int rowCount = Convert.ToInt32(ConfigurationManager.AppSettings["HttpRowCount"]);

            private int httpTime = Convert.ToInt32(ConfigurationManager.AppSettings["HttpTime"]);
            public void Init(HttpApplication application)
            {
                application.BeginRequest += (new
                   EventHandler(this.Application_BeginRequest));
                application.EndRequest += (new
                   EventHandler(this.Application_EndRequest));
            }
            private void Application_BeginRequest(Object source, EventArgs e)
            {
                HttpApplication Application = (HttpApplication)source;
                HttpContext ctx = Application.Context;

                string isIp = ctx.Request.UserHostAddress;
                if (ctx.Application["time"] == null)
                {
                    ctx.Application["time"] = DateTime.Now;
                }
                else
                {
                    DateTime isTime = (DateTime)ctx.Application["time"];
                    int timeTract = Convert.ToInt32(DateTime.Now.Subtract(isTime).Minutes.ToString());
                    if (timeTract > (httpTime - 1))
                    {
                        ctx.Application["time"] = null;
                        ctx.Application["myip"] = null;
                    }
                }
                if (ctx.Application["myip"] != null && ctx.Application["myip"] is CartIp)
                {
                    CartIp cartIp = (CartIp)ctx.Application["myip"];
                    cartIp.Insert(isIp);
                    ctx.Application["myip"] = cartIp;
                    if (cartIp.GetCount(isIp) > rowCount)
                    {
                        ctx.Response.Clear();
                        ctx.Response.Close();
                    }
                }
                else
                {
                    CartIp cartIp = new CartIp();
                    cartIp.Insert(isIp);
                    HttpContext.Current.Application["myip"] = cartIp;
                }
            }
            private void Application_EndRequest(Object source, EventArgs e)
            {
            }
            public void Dispose()
            {
            }
        }
    }

class2.cs

[Serializable]
    public class ListIp
    {
        private string ip;
        private int count;

        public string IP
        {
            get { return ip; }
            set { ip = value; }
        }

        public int Count
        {
            get { return count; }
            set { count = value; }
        }
    }
    [Serializable]
    public class CartIp
    {
        public CartIp()
        {
            if (_listIp == null)
            {
                _listIp = new List<ListIp>();
            }
        }
        private List<ListIp> _listIp;
        public List<ListIp> _ListIp
        {
            get { return _listIp; }
            set { _listIp = value; }
        }

        public void Insert(string ip)
        {
            int indexof = ItemLastInfo(ip);
            if (indexof == -1)
            {

                ListIp item = new ListIp();
                item.IP = ip;
                _listIp.Add(item);
            }
            else
            {
                _listIp[indexof].Count += 1;
            }
        }

    public int ItemLastInfo(string ip)
    {
        int index = 0;
        foreach (ListIp item in _ListIp)
        {
            if (item.IP == ip)
            {
                return index;
            }
            index += 1;
        }
        return -1;
    }
    /// <summary>
    /// get number of IP address
    /// </summary>
    /// <param name="ip"></param>
    /// <returns></returns>
    public int GetCount(string ip)
    {
        foreach (ListIp item in _ListIp)
        {
            if (item.IP == ip)
            {
                return item.Count;
            }
        }
        return -1;
    }
}

web.config

<appSettings>
<add key="HttpRowCount" value="100"/>
<add key="HttpTime" value="10"/>
</appSettings>

您只需要创建一个类库,然后复制并修改这些代码来实现您的要求。最后,您需要将发布dll复制到bin文件夹中,并通过IIS管理器-〉站点节点-〉模块-〉添加托管模块导入。
https://www.cnblogs.com/Fooo/archive/2013/01/27/2878820.html

赞(0)分享  回复(0)举报  2023-03-30
new9mtju

new9mtju2#

这是一个很好的例子,谢谢分享。有一个小问题,这里是修复:

  • 使用时间跨度中的.TotalMinutes而不是.Minutes,这将防止用户访问一次,而不是一个小时左右。

下面是一个更新的例子,过滤器的URL。

using System;
using System.Collections.Generic;
using System.Text;
using System.Web;
using System.Configuration;

namespace Mvc.Util.Url
{
    public class UrlReWrite : IHttpModule
    {
        private int requestsRateLimit = GetAppSettings("HttpsLogonRequestsRateLimit");
        private int requestsTimeLimit = GetAppSettings("HttpsLogonRequestsTimeInMinutes");

        private static int GetAppSettings(string appSettingsKey)
        {
            int ret = 0;
            if (ConfigurationManager.AppSettings[appSettingsKey] != null)
            {
                Int32.TryParse(ConfigurationManager.AppSettings[appSettingsKey], out ret);
            }
            return ret;
        }

        public void Init(HttpApplication application)
        {
            application.BeginRequest += (new EventHandler(this.Application_BeginRequest));
            application.EndRequest += (new EventHandler(this.Application_EndRequest));
        }

        private void Application_BeginRequest(Object source, EventArgs e)
        {
            if (requestsRateLimit > 0 && requestsTimeLimit > 0)
            {
                HttpApplication Application = (HttpApplication)source;
                HttpContext context = Application.Context;
                if (context.Request.Url.AbsoluteUri.ToLower().Contains("logon"))
                {
                    string isIp = context.Request.UserHostAddress;
                    if (context.Application["time"] == null)
                    {
                        context.Application["time"] = DateTime.Now;
                    }
                    else
                    {
                        DateTime isTime = (DateTime)context.Application["time"];
                        int timeTract = Convert.ToInt32(DateTime.Now.Subtract(isTime).TotalMinutes.ToString());
                        if (timeTract > (requestsTimeLimit - 1))
                        {
                            context.Application["time"] = null;
                            context.Application["ip"] = null;
                        }
                    }
                    if (context.Application["ip"] != null && context.Application["ip"] is CartIp)
                    {
                        CartIp cartIp = (CartIp)context.Application["ip"];
                        cartIp.Insert(isIp);
                        context.Application["ip"] = cartIp;
                        if (cartIp.GetCount(isIp) > requestsRateLimit)
                        {
                            this.LogData(context, cartIp.GetCount(isIp), requestsRateLimit, requestsTimeLimit);
                            context.Response.StatusCode = 403;
                            context.Response.StatusDescription = "Forbidden";
                            string content = @"your html content here";
                            context.Response.Write(content);
                        }
                    }
                    else
                    {
                        CartIp cartIp = new CartIp();
                        cartIp.Insert(isIp);
                        HttpContext.Current.Application["ip"] = cartIp;
                    }
                }
            }
        }

        private void Application_EndRequest(Object source, EventArgs e)
        {
        }

        public void Dispose()
        {
        }

    }
}
赞(0)分享  回复(0)举报  2023-03-30
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com