Reputation: 145
Dynamic IP Address Restrictions for .NET Core Web API Application on azure Web App
I have developed a Web API application using .net core 1.0 "version": "1.0.5" and deploying on Azure web app.
Currently, I'm facing a problem with an API endpoint when the user hits the endpoint concurrently. So for my CPU/DTU percentage increase above 60 to 100. For that, I should restrict that user when he hit's an API endpoint concurrently. I don't have any idea to restrict those IP. I'm very new to this issue.
Can anyone please help me to resolve this issue?
Note:- When he hit's the API endpoint concurrently I should block those IP for the limited duration.
Thanks,
Parthiban.
Upvotes: 3
Views: 2181
Answers (1)
Reputation: 20097
You could do to prevent such issue is to use the solution provided by IIS 7.0 knows as Dynamic IP Restrictions (DIPR) module.
Dynamic IP Restrictions (DIPR) key features:
Blocking of IP addresses based on number of concurrent requests
Blocking of IP address based on number of requests over a period of time
To get this service in Azure Website you need to configure some change on web.config file of your site.
1.Code snippet to to handle concurrent requests
<system.webServer>
<security>
<dynamicIpSecurity>
<denyByConcurrentRequests enabled="true" maxConcurrentRequests="10"/>
</dynamicIpSecurity>
</security>
</system.webServer>
Set the enabled property of denyByConcurrentRequests (under dynamicIpSecurity node) to true. When a client exceeds the concurrent requests their IP will be blocked temporary for further request for a short period of time.
2.Code snippet to to handle maxRequests within a specified time frame:
<system.webServer>
<security>
<dynamicIpSecurity>
<denyByRequestRate enabled="true" maxRequests="15" requestIntervalInMilliseconds="5000"/>
</dynamicIpSecurity>
</security>
</system.webServer>
Set the enabled property of denyByRequestRate. The property maxRequests determines the number of requests a given client IP address may send to your site and requestIntervalInMilliseconds determines the time frame.
IIS will automatically start blocking requests from IP addresses when client exceeds your specified rule. So according the value that I set client making more than 15 requests within a 5 second period will be blocked temporarily.
You could refer to how to configure Dynamic IP Address Restrictions in Windows Azure Web Sites if you have any doubt.
Upvotes: 2
Related Questions
- Dynamic IP Restriction with HTTP/2
- Azure AppService IP address restrictions
- IP Restriction on Azure WebApp from ARM (Azure Resource Manager)
- How to restrict some IP in .net core
- Dynamically block IP address to azure cloud service
- Azure restrict access to web app by ip range
- How to restrict IP addresses with an Azure App Service / Web App
- IP address of Azure API App and how to restrict IPs
- IP Address and Domain Restrictions in ASP.NET
- Azure: Getting internal IP - for a WEBSITE - to create access restrictions