Reputation: 2333
I have a very old ASP.net Application with a Web Form with 1 Dropdown Box and 2 Text Boxes and a Submit Button. All 3 are mandatory fields. Based on the data entered, once the user clicks Submit Button additional details are shown on the next page from the database.
On Submit data is posted via Query String that looks like http://myserver/myapp/search.aspx?f1=1&f2=tom&f3=sales
Though the application is doing what it is supposed to do, of late we have come across a lot of issues:
A couple of entities that are interested in our data wrote programs to programmatically build the query strings and hit our server. This is slowing down the server, and regular users who manually search records are facing a lot of slowness.
Due to some legal restrictions we couldn't implement CAPTCHA or have users get authenticated.
I would appreciate it if you can let me know if any of you have come across this kinda situation and how you have dealt with it.
Thanks in advance.
Upvotes: 0
Views: 35
Reputation: 17171
You could implement source-based rate limiting. I.e. per IP address only allow so many requests per minute. If the requester makes too many requests you simply reject the requests. You could also blacklist the IP addresses that are hitting your app too aggressively. Both of these policies can be enforced by a load balancer like HAProxy or nginx.
Upvotes: 1
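The per-IP limit and blocklist suggested in the answer above, sketched as an nginx reverse-proxy configuration. This is an added example, not part of the original answer. The backend address, the 30 requests/minute budget, the burst size and the blocklisted range are assumptions; only the search path comes from the question.

```nginx
# Goes inside the http { } context of nginx.conf.

# One rate-limit state per client IP, kept in 10 MB of shared memory.
# 30r/m is an assumed budget; tune it against real interactive traffic.
limit_req_zone $binary_remote_addr zone=search_per_ip:10m rate=30r/m;

# Manual blocklist for sources that keep hammering after being throttled.
# 203.0.113.0/24 is a documentation range used here as a placeholder.
geo $blocked_client {
    default         0;
    203.0.113.0/24  1;
}

upstream aspnet_app {
    server 127.0.0.1:8080;   # assumed address of the IIS/ASP.NET backend
}

server {
    listen 80;
    server_name myserver;

    # Blocklisted sources are rejected before any rate accounting.
    if ($blocked_client) {
        return 403;
    }

    # Only the expensive, database-backed search page is throttled.
    location = /myapp/search.aspx {
        # Tolerate a short burst of 10 requests, reject anything beyond it.
        limit_req zone=search_per_ip burst=10 nodelay;
        limit_req_status 429;        # default rejection status is 503
        limit_req_log_level warn;    # rejections are written to error.log

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://aspnet_app;
    }

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://aspnet_app;
    }
}
```

Rejected requests appear in the error log with the client address, which gives the list of candidates for the `geo` blocklist. Users behind a shared NAT or corporate proxy count as one IP, so set the budget with that in mind.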