ASP. NET Core uses Urlfirewall to filter requests

Tag: Deb env mode figure rule verifies als IAP TCO

I. Preface

UrlFirewallis an open source, lightweight middleware for filtering HTTP requests, which can be used on WEBAPI or gateways (such as Ocelot), written by me, and open source in Github:https://github.com/stulzq/urlfirewall Welcome to star.

Two. Urlfirewall Introduction

The Urlfirewall is an HTTP request filtering middleware that can be paired with a gateway (Ocelot) to enable a shielded extranet to access the internal interface, allowing only internal interfaces to communicate with each other without exposing to the outside. It supports blacklist mode and whitelist mode, and supports custom HTTP request response codes. With good extensibility, it can implement the verification logic by itself, and realize the retrieval of rules from the database or the Redis cache media.

Three. Use 1. Add components from NuGet to your ASP. NET Core Project

Install-Package UrlFirewall.AspNetCore

2. Configure Di

public void ConfigureServices(IServiceCollection services){    services.AddUrlFirewall(options =>    {        options.RuleType = UrlFirewallRuleType.Black;        options.SetRuleList(Configuration.GetSection("UrlBlackList"));        options.StatusCode = HttpStatusCode.NotFound;    });    services.AddMvc();    //...}

3. Configuring middleware

The location of the Urlfirewall middleware must be placed in the first

public void Configure(IApplicationBuilder app, IHostingEnvironment env){    //Configure url firewall middleware. Top most.    app.UseUrlFirewall();    if (env.IsDevelopment())    {        app.UseDeveloperExceptionPage();    }    app.UseMvc();}

4. Configuration rules

According to step 2, the section name used · UrlBlackList We're in appsettings.json/appsettings. The following configuration is added to the Devolopment.json file;

{  "Logging": {    "Includescopes": false,    "LogLevel": {      "Default": "Debug",      "System": "Information",      "Microsoft": "Information"    }  },  "Urlblacklist": [    {      "Url": "/api/cart/add",      "Method": "All"    },    {      "Url": "/api/cart/del",      "Method": "Post"    },    {      "Url": "/api/cart/list",      "Method": "Get"    },    {      "Url": "/api/product/*",      "Method": "All"    }  ]}

The URL field represents the URL of the HTTP request to intercept, supports wildcard characters, * and ? represents any * number of characters that match an arbitrary character ? . Methodrepresents the HTTP request method, on All behalf of all, and Get Post Delete Put .

Four. Expansion

If you want to implement your own validation logic, or query and fetch data from a database, Redis cache, and other media, you can implement the IUrlFirewallValidator interface and then invoke the AddUrlFirewallValidator method to replace the default implementation.

Example:

services.AddUrlFirewall(options =>{    options.RuleType = UrlFirewallRuleType.Black;    options.SetRuleList(Configuration.GetSection("UrlBlackList"));    options.StatusCode = HttpStatusCode.NotFound;}).AddUrlFirewallValidator<CustomValidator>();

Five. Address

Source Code and Demo:https://github.com/stulzq/urlfirewall

ASP. NET Core uses Urlfirewall to filter requests