Tag: Deb env mode figure rule verifies als IAP TCO
I. Preface
UrlFirewall
is an open source, lightweight middleware for filtering HTTP requests, which can be used on WEBAPI or gateways (such as Ocelot), written by me, and open source in Github:https://github.com/stulzq/urlfirewall Welcome to star.
Two. Urlfirewall Introduction
The Urlfirewall is an HTTP request filtering middleware that can be paired with a gateway (Ocelot) to enable a shielded extranet to access the internal interface, allowing only internal interfaces to communicate with each other without exposing to the outside. It supports blacklist mode and whitelist mode, and supports custom HTTP request response codes. With good extensibility, it can implement the verification logic by itself, and realize the retrieval of rules from the database or the Redis cache media.
Three. Use 1. Add components from NuGet to your ASP. NET Core Project
Install-Package UrlFirewall.AspNetCore
2. Configure Di
public void ConfigureServices(IServiceCollection services){ services.AddUrlFirewall(options => { options.RuleType = UrlFirewallRuleType.Black; options.SetRuleList(Configuration.GetSection("UrlBlackList")); options.StatusCode = HttpStatusCode.NotFound; }); services.AddMvc(); //...}
3. Configuring middleware
The location of the Urlfirewall middleware must be placed in the first
public void Configure(IApplicationBuilder app, IHostingEnvironment env){ //Configure url firewall middleware. Top most. app.UseUrlFirewall(); if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseMvc();}
4. Configuration rules
According to step 2, the section name used · UrlBlackList
We're in appsettings.json/appsettings. The following configuration is added to the Devolopment.json file;
{ "Logging": { "Includescopes": false, "LogLevel": { "Default": "Debug", "System": "Information", "Microsoft": "Information" } }, "Urlblacklist": [ { "Url": "/api/cart/add", "Method": "All" }, { "Url": "/api/cart/del", "Method": "Post" }, { "Url": "/api/cart/list", "Method": "Get" }, { "Url": "/api/product/*", "Method": "All" } ]}
The URL field represents the URL of the HTTP request to intercept, supports wildcard characters, *
and ?
represents any *
number of characters that match an arbitrary character ?
. Method
represents the HTTP request method, on All
behalf of all, and Get Post Delete Put
.
Four. Expansion
If you want to implement your own validation logic, or query and fetch data from a database, Redis cache, and other media, you can implement the IUrlFirewallValidator
interface and then invoke the AddUrlFirewallValidator
method to replace the default implementation.
Example:
services.AddUrlFirewall(options =>{ options.RuleType = UrlFirewallRuleType.Black; options.SetRuleList(Configuration.GetSection("UrlBlackList")); options.StatusCode = HttpStatusCode.NotFound;}).AddUrlFirewallValidator<CustomValidator>();
Five. Address
Source Code and Demo:https://github.com/stulzq/urlfirewall
ASP. NET Core uses Urlfirewall to filter requests