1. Introduction
UrlFirewall
UrlFirewall is an open-source, lightweight middleware for filtering HTTP requests. It can be used in a Web API or in a gateway (such as Ocelot). I wrote it myself and published it on GitHub: https://github.com/stulzq/UrlFirewall. Stars are welcome.
2. Introduction to UrlFirewall
UrlFirewall is an HTTP request filtering middleware that can be used with a gateway (Ocelot) to block external network access to internal interfaces, so that internal interfaces can call each other without being exposed to the outside world. It supports blacklist mode and whitelist mode, and a custom HTTP response status code. It is extensible: you can implement your own validation logic and retrieve rules from a store such as a database or a Redis cache.
3. Use
1. Add the package from NuGet to your ASP.NET Core project
Install-Package UrlFirewall.AspNetCore
2. Configure DI
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddUrlFirewall(options =>
        {
            options.RuleType = UrlFirewallRuleType.Black;
            options.SetRuleList(Configuration.GetSection("UrlBlackList"));
            options.StatusCode = HttpStatusCode.NotFound;
        });
        services.AddMvc();
        //...
    }
3. Configure middleware
The UrlFirewall middleware must be registered first in the pipeline.
    public void Configure(IApplicationBuilder app, IHostingEnvironment env)
    {
        // Configure url firewall middleware. Top most.
        app.UseUrlFirewall();
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
        }
        app.UseMvc();
    }
4. Configure the rules
Step 2 uses the section name UrlBlackList, so we add the following configuration to the appsettings.json/appsettings.Development.json file:
    {
      "Logging": {
        "IncludeScopes": false,
        "LogLevel": {
          "Default": "Debug",
          "System": "Information",
          "Microsoft": "Information"
        }
      },
      "UrlBlackList": [
        {
          "Url": "/api/cart/add",
          "Method": "All"
        },
        {
          "Url": "/api/cart/del",
          "Method": "Post"
        },
        {
          "Url": "/api/cart/list",
          "Method": "Get"
        },
        {
          "Url": "/api/product/*",
          "Method": "All"
        }
      ]
    }
The Url field is the URL of the HTTP request to intercept. It supports the wildcards * and ?: * matches any number of arbitrary characters, and ? matches one arbitrary character. The Method field is the HTTP request method: All represents all methods; the others are Get, Post, Delete and Put.
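A model of the matching rules just described, applied to the UrlBlackList entries above in both blacklist and whitelist mode. This is an added example, not UrlFirewall's own code; the RuleModel class, its method names, the sample requests and the case-insensitive comparison are assumptions.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;

// Added example: a model of the rule semantics described above, not UrlFirewall's code.
static class RuleModel
{
    // Same entries as the UrlBlackList section above.
    static readonly (string Url, string Method)[] Rules =
    {
        ("/api/cart/add", "All"), ("/api/cart/del", "Post"),
        ("/api/cart/list", "Get"), ("/api/product/*", "All"),
    };

    // '*' = any number of characters, '?' = exactly one; everything else is literal.
    static Regex ToRegex(string pattern) => new Regex(
        "^" + Regex.Escape(pattern).Replace("\\*", ".*").Replace("\\?", ".") + "$",
        RegexOptions.IgnoreCase); // assumption: case-insensitive, like ASP.NET Core routing

    // A rule applies when its method is All or equals the request method, and the URL matches.
    static bool Matches(string method, string path) => Rules.Any(r =>
        (r.Method == "All" || r.Method.Equals(method, StringComparison.OrdinalIgnoreCase))
        && ToRegex(r.Url).IsMatch(path));

    // Black: a matching request is rejected. White: only a matching request passes.
    public static bool IsAllowed(bool blackMode, string method, string path) =>
        blackMode ? !Matches(method, path) : Matches(method, path);

    static void Main()
    {
        // Constructed sample requests.
        var requests = new[]
        {
            ("GET", "/api/cart/add"), ("GET", "/api/cart/del"), ("POST", "/api/cart/del"),
            ("PUT", "/api/product/42/price"), ("GET", "/api/order/1"),
        };
        Console.WriteLine("{0,-5} {1,-24} {2,-6} {3}", "verb", "path", "Black", "White");
        foreach (var (method, path) in requests)
            Console.WriteLine("{0,-5} {1,-24} {2,-6} {3}", method, path,
                IsAllowed(true, method, path) ? "pass" : "block",
                IsAllowed(false, method, path) ? "pass" : "block");
    }
}
```

In this model a request that matches no rule, such as GET /api/order/1, passes in blacklist mode and is blocked in whitelist mode, so the mode decides what happens to routes nobody listed.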
4. Extension
If you want to implement your own validation logic, or query rules from a database, a Redis cache or another store, implement the IUrlFirewallValidator interface and then call the AddUrlFirewallValidator method to replace the default implementation.
Example:
    services.AddUrlFirewall(options =>
    {
        options.RuleType = UrlFirewallRuleType.Black;
        options.SetRuleList(Configuration.GetSection("UrlBlackList"));
        options.StatusCode = HttpStatusCode.NotFound;
    }).AddUrlFirewallValidator<CustomValidator>();
5. Address
Source code and Demo: https://github.com/stulzq/UrlFirewall