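/// <summary>
/// Registers an <see cref="HttpVerbRequestFilter"/> built from <paramref name="options"/>
/// on the given request filtering options.
/// </summary>
/// <param name="requestFilteringOptions">Options whose <c>Filters</c> collection receives the new filter.</param>
/// <param name="options">HTTP verb rules passed to the filter's constructor.</param>
/// <returns>The same <paramref name="requestFilteringOptions"/> instance, so registrations can be chained.</returns>
/// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
public static RequestFilteringOptions AddHttpVerbRequestFilter(this RequestFilteringOptions requestFilteringOptions, HttpVerbsOptions options)
{
    // An extension method can be invoked on a null receiver; report it as a named
    // argument error instead of a NullReferenceException when .Filters is read.
    if (requestFilteringOptions == null)
    {
        throw new ArgumentNullException(nameof(requestFilteringOptions));
    }

    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    requestFilteringOptions.Filters.Add(new HttpVerbRequestFilter(options));
    return requestFilteringOptions;
}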
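/// <summary>
/// Registers a <see cref="FileExtensionRequestFilter"/> built from <paramref name="options"/>
/// on the given request filtering options.
/// </summary>
/// <param name="requestFilteringOptions">Options whose <c>Filters</c> collection receives the new filter.</param>
/// <param name="options">File extension rules passed to the filter's constructor.</param>
/// <returns>The same <paramref name="requestFilteringOptions"/> instance, so registrations can be chained.</returns>
/// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
public static RequestFilteringOptions AddFileExtensionRequestFilter(this RequestFilteringOptions requestFilteringOptions, FileExtensionsOptions options)
{
    // An extension method can be invoked on a null receiver; report it as a named
    // argument error instead of a NullReferenceException when .Filters is read.
    if (requestFilteringOptions == null)
    {
        throw new ArgumentNullException(nameof(requestFilteringOptions));
    }

    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    requestFilteringOptions.Filters.Add(new FileExtensionRequestFilter(options));
    return requestFilteringOptions;
}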
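/// <summary>
/// Registers a <see cref="SqlInjectionRequestFilter"/> configured with a fixed list of
/// deny strings (SQL comment markers, statement separators and common keywords).
/// </summary>
/// <remarks>
/// A deny-string list is a defense-in-depth layer only; parameterized queries in the data
/// access code remain the primary control against SQL injection. Several entries
/// ("@", ";", "end", "open", "sys", "table") also occur in ordinary input such as e-mail
/// addresses or free text, so enabling this filter may reject legitimate requests.
/// How the strings are matched (case sensitivity, substring vs. token, which parts of the
/// request are inspected) is decided inside <see cref="SqlInjectionRequestFilter"/> and is
/// not visible here; verify it before relying on the filter.
/// </remarks>
/// <param name="requestFilteringOptions">Options whose <c>Filters</c> collection receives the new filter.</param>
/// <returns>The same <paramref name="requestFilteringOptions"/> instance, so registrations can be chained.</returns>
/// <exception cref="ArgumentNullException"><paramref name="requestFilteringOptions"/> is <c>null</c>.</exception>
public static RequestFilteringOptions AddSqlInjectionRequestFilter(this RequestFilteringOptions requestFilteringOptions)
{
    // An extension method can be invoked on a null receiver; report it as a named
    // argument error instead of a NullReferenceException when .Filters is read.
    if (requestFilteringOptions == null)
    {
        throw new ArgumentNullException(nameof(requestFilteringOptions));
    }

    var options = new SqlInjectionOptions()
    {
        DenyStrings = new[]
        {
            "--", ";", "/*", "@", "char", "alter", "begin", "create", "cursor", "declare", "delete",
            "drop", "end", "exec", "fetch", "insert", "kill", "open", "select", "sys", "table", "update"
        }
    };

    requestFilteringOptions.Filters.Add(new SqlInjectionRequestFilter(options));
    return requestFilteringOptions;
}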
/// <summary>
/// Configures the HTTP request pipeline: console logging at debug level, the developer
/// exception page in development only, request filtering, static files and MVC.
/// </summary>
/// <param name="app">Application builder the middleware is registered on.</param>
/// <param name="env">Hosting environment, used to detect development mode.</param>
/// <param name="loggerFactory">Logger factory that receives the console provider.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    loggerFactory.AddConsole(LogLevel.Debug);

    // Detailed exception pages expose internals, so they are limited to development.
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }

    // Each Add* call returns the options object to continue with; the result is
    // reassigned so the sequence is equivalent to one fluent chain.
    var filtering = new RequestFilteringOptions();

    filtering = filtering.AddFileExtensionRequestFilter(new FileExtensionsOptions
    {
        FileExtensionsCollection = new List<FileExtensionsElement>
        {
            new FileExtensionsElement() { FileExtension = ".jpg", Allowed = true },
            new FileExtensionsElement() { FileExtension = ".psd", Allowed = false }
        }
    });

    // AllowUnlisted = false with GET as the only listed verb.
    filtering = filtering.AddHttpVerbRequestFilter(new HttpVerbsOptions
    {
        AllowUnlisted = false,
        HttpVerbsCollection = new List<HttpVerbElement>
        {
            new HttpVerbElement() { Verb = HttpVerb.Get, Allowed = true }
        }
    });

    filtering = filtering.AddQueryStringRequestFilter(new QueryStringsOptions
    {
        AllowUnlisted = false,
        QueryStringsCollection = new List<QueryStringElement>
        {
            new QueryStringElement() { QueryString = "id", Allowed = true },
            new QueryStringElement() { QueryString = "name", Allowed = false }
        }
    });

    filtering = filtering.AddHiddenSegmentRequestFilter(new HiddenSegmentsOptions
    {
        HiddenSegmentsCollection = new List<HiddenSegmentElement>
        {
            new HiddenSegmentElement() { Segment = "Private" }
        }
    });

    // NOTE(review): SizeLimit presumably caps the X-Auth header length; the unit is
    // defined by the header filter — confirm.
    filtering = filtering.AddHeaderRequestFilter(new HeadersOptions
    {
        HeadersCollection = new List<HeaderElement>
        {
            new HeaderElement() { Header = "X-Auth", SizeLimit = 5 }
        }
    });

    // NOTE(review): "/Home" contains the denied sequence "me"; which rule wins is
    // decided by the URL filter — confirm.
    filtering = filtering.AddUrlRequestFilter(new UrlsOptions
    {
        DeniedUrlSequences = new[] { "me" },
        AllowedUrls = new[] { "/Home" }
    });

    // Uncomment the following statement to filter using IP address.
    // filtering = filtering.AddIPAddressRequestFilter(new IPAddressOptions
    // {
    //     IPAddresses = new[] { "::1" }
    // });

    // Uncomment the following statement to filter the SQL injection.
    // filtering = filtering.AddSqlInjectionRequestFilter();

    // Filtering is registered ahead of static files and MVC, so it sees requests first.
    app.UseRequestFiltering(filtering);
    app.UseStaticFiles();
    app.UseMvc();
}
/// <summary>
/// Called by the runtime to configure the HTTP request pipeline: console logging from the
/// "Logging" configuration section, request filtering, then MVC.
/// </summary>
/// <param name="app">Application builder the middleware is registered on.</param>
/// <param name="env">Hosting environment (not read by this method).</param>
/// <param name="loggerFactory">Logger factory that receives the console provider.</param>
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    loggerFactory.AddConsole(Configuration.GetSection("Logging"));

    // Each Add* call returns the options object to continue with; the result is
    // reassigned so the sequence is equivalent to one fluent chain.
    var filtering = new RequestFilteringOptions();

    filtering = filtering.AddFileExtensionRequestFilter(new FileExtensionsOptions
    {
        FileExtensions = new List<FileExtension>
        {
            new FileExtension { Extension = ".jpg", Allowed = true },
            new FileExtension { Extension = ".psd", Allowed = false }
        }
    });

    // AllowUnlisted = false with "Get" as the only listed method.
    filtering = filtering.AddHttpMethodRequestFilter(new HttpMethodOptions
    {
        AllowUnlisted = false,
        HttpMethods = new List<HttpMethod>
        {
            new HttpMethod() { Verb = "Get", Allowed = true }
        }
    });

    filtering = filtering.AddQueryStringRequestFilter(new QueryStringsOptions
    {
        AllowUnlisted = false,
        QueryStrings = new List<QueryStringElement>
        {
            new QueryStringElement { QueryString = "id", Allowed = true },
            new QueryStringElement { QueryString = "name", Allowed = false }
        }
    });

    filtering = filtering.AddHiddenSegmentRequestFilter(new HiddenSegmentsOptions
    {
        HiddenSegments = new List<string> { "Private" }
    });

    // NOTE(review): SizeLimit presumably caps the X-Auth header length; the unit is
    // defined by the header filter — confirm.
    filtering = filtering.AddHeaderRequestFilter(new HeadersOptions
    {
        Headers = new List<HeaderElement>
        {
            new HeaderElement() { Header = "X-Auth", SizeLimit = 5 }
        }
    });

    // NOTE(review): "/Home" contains the denied sequence "me"; which rule wins is
    // decided by the URL filter — confirm.
    filtering = filtering.AddUrlRequestFilter(new UrlsOptions
    {
        DeniedUrlSequences = new[] { "me" },
        AllowedUrls = new[] { "/Home" }
    });

    // "::1" is the IPv6 loopback address. Whether listed addresses are allowed or
    // denied is decided by the IP address filter — confirm before deploying.
    filtering = filtering.AddIPAddressRequestFilter(new IPAddressOptions
    {
        IPAddresses = new[] { "::1" }
    });

    // Filtering is registered ahead of MVC, so it sees requests first.
    app.UseRequestFiltering(filtering);
    app.UseMvc();
}
/// <summary>
/// Adds <see cref="RequestFilteringMiddleware"/> to the application's request pipeline.
/// </summary>
/// <param name="app">Application builder the middleware is registered on.</param>
/// <param name="options">Filtering options handed to the middleware as an argument.</param>
/// <returns>The builder returned by <c>UseMiddleware</c>, for further chaining.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="app"/> or <paramref name="options"/> is <c>null</c>.
/// </exception>
public static IApplicationBuilder UseRequestFiltering(this IApplicationBuilder app, RequestFilteringOptions options)
{
    // The receiver is validated first, so it is the one reported when both are null.
    if (app == null)
    {
        throw new ArgumentNullException(nameof(app));
    }

    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }

    var pipeline = app.UseMiddleware<RequestFilteringMiddleware>(options);
    return pipeline;
}