public override void ApplyFilter(RequestFilteringContext context) { if (!context.HttpContext.Request.QueryString.HasValue) { context.Result = RequestFilteringResult.Continue; return; } if (Options.AllowUnlisted) { if (Options.QueryStrings.Any(q => context.HttpContext.Request.Query[q.QueryString].SingleOrDefault() != null && q.Allowed == false)) { context.HttpContext.Response.StatusCode = 404; context.Result = RequestFilteringResult.StopFilters; return; } context.Result = RequestFilteringResult.Continue; } else { if (Options.QueryStrings.Any(q => context.HttpContext.Request.Query[q.QueryString].SingleOrDefault() != null && q.Allowed == true)) { context.Result = RequestFilteringResult.Continue; return; } context.HttpContext.Response.StatusCode = 404; context.Result = RequestFilteringResult.StopFilters; } }
public override void ApplyFilter(RequestFilteringContext context) { var extension = Path.GetExtension(context.HttpContext.Request.Path.Value); if (Options.AllowUnlisted) { if (Options.FileExtensions.Any(f => f.Extension == extension && f.Allowed == false)) { context.HttpContext.Response.StatusCode = 404; context.Result = RequestFilteringResult.StopFilters; return; } context.Result = RequestFilteringResult.Continue; } else { if (Options.FileExtensions.Any(f => f.Extension == extension && f.Allowed == true)) { context.Result = RequestFilteringResult.Continue; return; } context.HttpContext.Response.StatusCode = 404; context.Result = RequestFilteringResult.StopFilters; } }
public override void ApplyFilter(RequestFilteringContext context) { if (Options.MaxAllowedContentLength < context.HttpContext.Request.ContentLength) { context.HttpContext.Response.StatusCode = 404; context.Result = RequestFilteringResult.StopFilters; } if (Options.MaxQueryString < context.HttpContext.Request.QueryString.Value.Length) { context.HttpContext.Response.StatusCode = 404; context.Result = RequestFilteringResult.StopFilters; } if (Options.MaxUrl < context.HttpContext.Request.GetDisplayUrl().Length) { context.HttpContext.Response.StatusCode = 404; context.Result = RequestFilteringResult.StopFilters; } Options.Headers.ToList().ForEach(header => { if (context.HttpContext.Request.Headers.Keys.Contains(header.Header) && context.HttpContext.Request.Headers[header.Header].ToString().LongCount() > header.SizeLimit) { context.HttpContext.Response.StatusCode = 404; context.Result = RequestFilteringResult.StopFilters; return; } }); context.Result = RequestFilteringResult.Continue; }
public override void ApplyFilter(RequestFilteringContext context) { var verb = context.HttpContext.Request.Method; if (Options.AllowUnlisted) { if (Options.HttpMethods.Any(v => v.Verb.Equals(verb, StringComparison.OrdinalIgnoreCase) && v.Allowed == false)) { context.HttpContext.Response.StatusCode = 404; context.Result = RequestFilteringResult.StopFilters; return; } context.Result = RequestFilteringResult.Continue; } else { if (Options.HttpMethods.Any(v => v.Verb.Equals(verb, StringComparison.OrdinalIgnoreCase) && v.Allowed == true)) { context.Result = RequestFilteringResult.Continue; return; } context.HttpContext.Response.StatusCode = 404; context.Result = RequestFilteringResult.StopFilters; } }
public Task Invoke(HttpContext context) { if (context == null) { throw new ArgumentNullException(nameof(context)); } var requestFilteringContext = new RequestFilteringContext { HttpContext = context, Result = RequestFilteringResult.Continue }; foreach (var filter in _options.Filters) { filter.ApplyFilter(requestFilteringContext); switch (requestFilteringContext.Result) { case RequestFilteringResult.Continue: break; case RequestFilteringResult.StopFilters: return(Task.FromResult(0)); default: throw new ArgumentOutOfRangeException($"Invalid filter termination {requestFilteringContext.Result}"); } } return(_next(context)); }
public override void ApplyFilter(RequestFilteringContext context) { var url = context.HttpContext.Request.Path.Value; if (Options.AllowedUrls.Contains(url)) { context.Result = RequestFilteringResult.Continue; } else { Options.DeniedUrlSequences.ToList().ForEach(s => { if (url.Contains(s)) { context.HttpContext.Response.StatusCode = 404; context.Result = RequestFilteringResult.StopFilters; } }); } }
public override void ApplyFilter(RequestFilteringContext context) { var path = context.HttpContext.Request.Path.Value; var segments = path.Split(new char[] { '/' }, StringSplitOptions.RemoveEmptyEntries); if (segments.Length == 0) { context.Result = RequestFilteringResult.Continue; return; } if (Options.HiddenSegments.Any(segment => segments.Contains(segment))) { context.HttpContext.Response.StatusCode = 404; context.Result = RequestFilteringResult.StopFilters; return; } context.Result = RequestFilteringResult.Continue; }