user6769842

Reputation: 27

How to fix Server-side Request Forgery x2 in ASP.NET MVC?

How to maintain a whitelist of externally requested services and hosts and block any interactions that do not appear on the whitelist?

I am looking for some code snippet for implementation of this.

Upvotes: -1

Views: 1331

Answers (1)

Saad Shaikh

Reputation: 179

You can create an ActionFilter which checks the request host/IP address, compares it with the DB, and blocks the request when it is not found.

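using System.Web.Mvc;

public class WhiteListedOnlyAttribute : ActionFilterAttribute
{
    public override void OnActionExecuting(ActionExecutingContext context)
    {
        // getHost: helper (not shown in this answer) that returns the request host/IP address.
        var ipaddress = getHost(context);

        // isValid: helper (not shown in this answer) that looks the address up in the whitelist.
        if (isValid(ipaddress))
        {
            base.OnActionExecuting(context);
            return;
        }
        else
        {
            // Not on the whitelist: short-circuit the action with a redirect.
            context.Result = new RedirectToRouteResult(...);
        }
    }
}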

Upvotes: 0
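
For the outbound side that the question asks about (a whitelist of externally requested hosts), the following is an added example and not part of the answer above. The class name `OutboundAllowlist` and the `example.com` hosts are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Sockets;
using System.Threading.Tasks;

// Hypothetical helper (not from the answer): validates outbound URLs before the server fetches them.
public static class OutboundAllowlist
{
    // Constructed sample entries; in practice load these from configuration or a database.
    private static readonly HashSet<string> AllowedHosts =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "api.example.com", "cdn.example.com" };
    // Redirects are disabled so an allowed host cannot bounce the request elsewhere.
    private static readonly HttpClient Client =
        new HttpClient(new HttpClientHandler { AllowAutoRedirect = false });

    public static bool IsAllowed(string url)
    {
        Uri uri;
        if (!Uri.TryCreate(url, UriKind.Absolute, out uri)) return false;
        if (uri.Scheme != Uri.UriSchemeHttps) return false;      // HTTPS only
        if (!string.IsNullOrEmpty(uri.UserInfo)) return false;   // no user:pass@host
        if (!uri.IsDefaultPort) return false;                    // port 443 only
        // Exact match on the parsed host, never a substring or suffix test on the raw string.
        return AllowedHosts.Contains(uri.IdnHost);
    }

    // Defence in depth: true for loopback, RFC 1918, link-local, 0.0.0.0/8 and IPv6 link/site-local.
    private static bool IsInternal(IPAddress ip)
    {
        if (IPAddress.IsLoopback(ip)) return true;
        if (ip.AddressFamily == AddressFamily.InterNetworkV6)
            return ip.IsIPv6LinkLocal || ip.IsIPv6SiteLocal;
        byte[] b = ip.GetAddressBytes();
        return b[0] == 10 || b[0] == 0 || (b[0] == 172 && b[1] >= 16 && b[1] <= 31)
            || (b[0] == 192 && b[1] == 168) || (b[0] == 169 && b[1] == 254);
    }

    public static async Task<HttpResponseMessage> GetAsync(string url)
    {
        if (!IsAllowed(url))
            throw new InvalidOperationException("Outbound request blocked: host not on allowlist.");
        var addresses = await Dns.GetHostAddressesAsync(new Uri(url).IdnHost);
        if (addresses.Length == 0 || addresses.Any(IsInternal))
            throw new InvalidOperationException("Outbound request blocked: internal address.");
        return await Client.GetAsync(url);
    }
}
```

`HttpClient` resolves the host name again when it connects, so the address check here is a second layer and not a guarantee; network-level egress filtering should back it up.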
