public override void ApplyFilter(RequestFilteringContext context)
{
if (!context.HttpContext.Request.QueryString.HasValue)
{
context.Result = RequestFilteringResult.Continue;
return;
}
if (Options.AllowUnlisted)
{
if (Options.QueryStrings.Any(q => context.HttpContext.Request.Query[q.QueryString].SingleOrDefault() != null && q.Allowed == false))
{
context.HttpContext.Response.StatusCode = 404;
context.Result = RequestFilteringResult.StopFilters;
return;
}
context.Result = RequestFilteringResult.Continue;
}
else
{
if (Options.QueryStrings.Any(q => context.HttpContext.Request.Query[q.QueryString].SingleOrDefault() != null && q.Allowed == true))
{
context.Result = RequestFilteringResult.Continue;
return;
}
context.HttpContext.Response.StatusCode = 404;
context.Result = RequestFilteringResult.StopFilters;
}
}
public override void ApplyFilter(RequestFilteringContext context)
{
var extension = Path.GetExtension(context.HttpContext.Request.Path.Value);
if (Options.AllowUnlisted)
{
if (Options.FileExtensions.Any(f => f.Extension == extension && f.Allowed == false))
{
context.HttpContext.Response.StatusCode = 404;
context.Result = RequestFilteringResult.StopFilters;
return;
}
context.Result = RequestFilteringResult.Continue;
}
else
{
if (Options.FileExtensions.Any(f => f.Extension == extension && f.Allowed == true))
{
context.Result = RequestFilteringResult.Continue;
return;
}
context.HttpContext.Response.StatusCode = 404;
context.Result = RequestFilteringResult.StopFilters;
}
}
public override void ApplyFilter(RequestFilteringContext context)
{
if (Options.MaxAllowedContentLength < context.HttpContext.Request.ContentLength)
{
context.HttpContext.Response.StatusCode = 404;
context.Result = RequestFilteringResult.StopFilters;
}
if (Options.MaxQueryString < context.HttpContext.Request.QueryString.Value.Length)
{
context.HttpContext.Response.StatusCode = 404;
context.Result = RequestFilteringResult.StopFilters;
}
if (Options.MaxUrl < context.HttpContext.Request.GetDisplayUrl().Length)
{
context.HttpContext.Response.StatusCode = 404;
context.Result = RequestFilteringResult.StopFilters;
}
Options.Headers.ToList().ForEach(header => {
if (context.HttpContext.Request.Headers.Keys.Contains(header.Header) && context.HttpContext.Request.Headers[header.Header].ToString().LongCount() > header.SizeLimit)
{
context.HttpContext.Response.StatusCode = 404;
context.Result = RequestFilteringResult.StopFilters;
return;
}
});
context.Result = RequestFilteringResult.Continue;
}
public override void ApplyFilter(RequestFilteringContext context)
{
var verb = context.HttpContext.Request.Method;
if (Options.AllowUnlisted)
{
if (Options.HttpMethods.Any(v => v.Verb.Equals(verb, StringComparison.OrdinalIgnoreCase) && v.Allowed == false))
{
context.HttpContext.Response.StatusCode = 404;
context.Result = RequestFilteringResult.StopFilters;
return;
}
context.Result = RequestFilteringResult.Continue;
}
else
{
if (Options.HttpMethods.Any(v => v.Verb.Equals(verb, StringComparison.OrdinalIgnoreCase) && v.Allowed == true))
{
context.Result = RequestFilteringResult.Continue;
return;
}
context.HttpContext.Response.StatusCode = 404;
context.Result = RequestFilteringResult.StopFilters;
}
}
public Task Invoke(HttpContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
var requestFilteringContext = new RequestFilteringContext {
HttpContext = context,
Result = RequestFilteringResult.Continue
};
foreach (var filter in _options.Filters)
{
filter.ApplyFilter(requestFilteringContext);
switch (requestFilteringContext.Result)
{
case RequestFilteringResult.Continue:
break;
case RequestFilteringResult.StopFilters:
return(Task.FromResult(0));
default:
throw new ArgumentOutOfRangeException($"Invalid filter termination {requestFilteringContext.Result}");
}
}
return(_next(context));
}
public override void ApplyFilter(RequestFilteringContext context)
{
var url = context.HttpContext.Request.Path.Value;
if (Options.AllowedUrls.Contains(url))
{
context.Result = RequestFilteringResult.Continue;
}
else
{
Options.DeniedUrlSequences.ToList().ForEach(s => {
if (url.Contains(s))
{
context.HttpContext.Response.StatusCode = 404;
context.Result = RequestFilteringResult.StopFilters;
}
});
}
}
public override void ApplyFilter(RequestFilteringContext context)
{
var path = context.HttpContext.Request.Path.Value;
var segments = path.Split(new char[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
if (segments.Length == 0)
{
context.Result = RequestFilteringResult.Continue;
return;
}
if (Options.HiddenSegments.Any(segment => segments.Contains(segment)))
{
context.HttpContext.Response.StatusCode = 404;
context.Result = RequestFilteringResult.StopFilters;
return;
}
context.Result = RequestFilteringResult.Continue;
}
