/// <summary> /// Analyze a request for potential intrusion or other problems. /// </summary> /// <param name="request"></param> /// <returns></returns> public Report Analyze(IRequestContext request) { var report = new Report(); string ipAddress = request.RemoteIpAddress; string forwardedFor = request.GetHeader("X-Forwarded-For"); if(!string.IsNullOrEmpty(forwardedFor)) { bool recognizedProxyAddress = IsRecognizedReverseProxyAddress(ipAddress); forwardedFor = RewriteForwardedAddress(forwardedFor, ipAddress, recognizedProxyAddress); if(!string.IsNullOrEmpty(forwardedFor) && ipAddress != forwardedFor) { ipAddress = forwardedFor; report.RemoteAddressRewriteAdvised = true; } report.ForwardedIpAddressWasRecognizedProxy = recognizedProxyAddress; } report.OriginalRemoteAddress = request.RemoteIpAddress; report.RemoteAddress = ipAddress; return report; }
private Task<bool> TakeActionAsync(Report report, IntrusionAction actionToTake, IPlatform platform) { throw new NotImplementedException(); }
/// <summary> /// Takes any actions recommended by a report. Returns a <see cref="bool"/> indicating /// whether or not the request may still be handled by downstream middleware. When <see cref="TakeActionBasedOnReportAsync(Report, Mike.IPlatform)"/> /// returns <c>false</c>, the request must end after the call. If it returns <c>true</c> /// the request must be handed to downstream middleware. /// </summary> /// <param name="report">The report to action on.</param> /// <param name="platform">A platform providing Mike a way to interact with the hosting environment.</param> /// <returns> /// <c>true</c> if downstream middleware must still handle the request, or <c>false</c> /// if the response has already been sent to the client and downstream middleware cannot /// handle the request anymore. /// </returns> public async Task<bool> TakeActionBasedOnReportAsync(Report report, IPlatform platform) { if (report.RemoteAddressRewriteAdvised && !Configuration.DontAllowRewriteOfRemoteIpAddress) { platform.RewriteRemoteIpAddress(report.RemoteAddress); } IntrusionAction actionToTake = IntrusionAction.None; if (report.IntrusionDetected) { if(report.IsXhr) { actionToTake = Configuration.ActionWhenIntrusionDetectedXhr; } else { actionToTake = Configuration.ActionWhenIntrusionDetected; } } if (actionToTake == IntrusionAction.None && report.RateLimitReached) { if (report.IsXhr) { actionToTake = Configuration.ActionWhenRateLimitReachedXhr; } else { actionToTake = Configuration.ActionWhenRateLimitReached; } } if (actionToTake == IntrusionAction.None) { return true; } else { return await TakeActionAsync(report, actionToTake, platform); } }