locked
Block request RRS feed

  • Question

  • User-1104215994 posted

    Hi,

    I wonder if there is a way to block requests from the same terminal if the request comes in 1 minute? I can get the terminal number in the Application Begin Request. But I couldn't figure it out how to check the requests of the same terminal in a minute.

    protected void Application_BeginRequest()
    {
         var terminal_number = HttpContext.Current.Request.Params["shopNo"];
    
         if (Check the requests)
         {
    
             Response.StatusCode = 429;
             Response.Write("Only requests from the same terminal are permitted in 1 minute");
             Response.End();
         }
    }

    Best Regards.

    Monday, January 27, 2020 12:26 PM

All replies

  • User475983607 posted

    I wonder if there is a way to block requests from the same terminal if the request comes in 1 minute? I can get the terminal number in the Application Begin Request. But I couldn't figure it out how to check the requests of the same terminal in a minute.

    Use a data store like database table or cache to store the terminal Id along with an DateTime field.  Check the data store on each request.

    Monday, January 27, 2020 12:35 PM
  • User-1104215994 posted

    When requests get bigger, does checking the DB affect the performance?

    Monday, January 27, 2020 12:51 PM
  • User475983607 posted

    When requests get bigger, does checking the DB affect the performance?

    Your follow up question is confusing. 

    Of course adding a feature to an existing application requires more clock cycles.  How this feature will affect your application is unknown to forum members.

    Monday, January 27, 2020 1:11 PM
  • User753101303 posted

    Hi

    Or cache the info. Depending on the purpose you could also consider using for example https://docs.microsoft.com/en-us/iis/manage/configuring-security/using-dynamic-ip-restrictions rather than including that directlly in your app.

    Monday, January 27, 2020 1:39 PM
  • User-1104215994 posted

    Actually my client is a chain store which has 7000 terminals, so there is only one IP that calls my web API.

    Monday, January 27, 2020 1:50 PM
  • User-1104215994 posted

    Can I implement such a solution for my problem?

    https://lachlanbarclay.net/2018/02/throttling-your-api-in-asp-dot-net

    Monday, February 10, 2020 5:25 AM
  • User475983607 posted

    Huh?  Now you are trying to stop a DOS attack? 

    Anyway, you've asked this question already.  Please read your previous thread(s).

    Monday, February 10, 2020 9:13 AM