Asp. NET site limit access frequency

Recently made a free texting Small website (http://freesms.cloudapp.net/), but found that someone recently cracked my verification code to use my SMS service to send his ads every 3 seconds/speed. Changing the code program and filtering the keyword is just a way to prevent this from happening, so let's look at how to do it through an optimization program.

In fact, the same program in addition to prevent other people spamming requests, but also for the prevention of Denial of service (DoS) attack also apply Oh. You might as well take a look.

Basic goal : limit the frequency at which the same IP accesses the site. For example, we limit the maximum number of users who come from the same IP every 240 minutes to access the first page 40 times and 200 times on other pages.

For example, you can now open http://freesms.cloudapp.net/this site to try, refresh 40 times, you can find that you will not be able to access the correct site content in 4 hours.

Basic Idea :

1. Record access times with Httpcontext.cache
2. The use of IP values and user access as a common key, you can have different access methods of users to make different restrictions.
3. Call Response.End () when the limit is exceeded.

Specific code:

One, define the duration

In this example, we use 240 minutes as the time limit.

Private Const int DURATION = 240   

Second, define access mode enumeration

different restrictions apply to different access modes. In this case, we only distinguish between two access methods: normal access and postback. In normal applications, you can also increase the limit of access to different pages as needed.

     Actiontypeenum         {             normal=40,             postback=100         }

third, the judgment logic

1. When an IP is accessed for the first time by a certain access method, the Key= access method of the cache is increased +IP, which returns true
2. If key already exists, increase the number of accesses, return true
3. Returns False if the number of times is exceeded

public static bool IsValid (Actiontypeenum ActionType) {HttpContext context =HttpContext.Current;if (context. Request.Browser.Crawler)return false; string key = actiontype.tostring () + context. request.userhostaddress; int hit = (int32) (context.) Cache[key]?? 0); if (Hit > (int32) ActionType) return false; else hit++; if (hit = = 1) {context. Cache.Add (key, hit, datetime.now.addminutes ( DURATION), System.Web.Caching. cache.noslidingexpiration, System.Web.Caching. cacheitempriority.normal, null);} else {context. Cache[key] = hit; } return true;}            

Iv. Calling in the page

the judgment function needs to be called in the OnInit method of the page. Here, you need to use some of your own defined logic to make judgments about different ways of accessing it. The following example is one of the simplest, only to differentiate between normal access and postback.

protected override void OnInit (EventArgs e) { base.    OnInit (e); if (! IsPostBack) { if (!  Actionvalidator.isvalid (actionvalidator.  Actiontypeenum.normal) {Response.Write ("You send it too often and are judged by the system as an advertisement.") Advertising or other customized business please contact email [email protected], thank you. -Http://freesms.cloudapp.net "); Response.End (); }}} else { if (!  Actionvalidator.isvalid (actionvalidator.  Actiontypeenum.postback) {Response.Write ("You send it too often and are judged by the system as an advertisement.") Advertising or other customized business please contact email [email protected], thank you. -Http://freesms.cloudapp.net "); Response.End (); } }}

PS: The enemy is always cunning, and later I found that the person through the use of proxy to transform IP, continue to send ads through my service. This will continue to optimize the program, such as the MD5 of advertising content as a key record. Maybe you too, need to face a variety of "enemy". Oh, I hope this article has helped you!

Asp. NET site limit access frequency