I want to deny users access to my site if they have made X requests in Y milliseconds. According to Microsoft, you can use Dynamic IP Security in the web config.
This is how my config, which I use for testing the IP throttle, looks:
<security>
  <dynamicIpSecurity>
    <denyByRequestRate enabled="true" maxRequests="2" requestIntervalInMilliseconds="10000"></denyByRequestRate>
  </dynamicIpSecurity>
</security>
Now the problem: since I'm using Cloudflare, it won't see the real IP of the visitors. According to Cloudflare, they provide the real IP in a couple of headers. However, it does not seem that Azure looks at these headers when checking if an IP should be denied.
My question is: is there a way I can still use the web config way of denying requests by IP, or do I need to use a code solution instead?
I think I found the answer to my own question. I'll post my findings here for people who might have the same problem.
According to this, there is an attribute called "enableProxyMode":
Enables IIS not only to block requests from a client IP that is seen by IIS, but also to block requests from IP addresses that are received in the X-Forwarded-For HTTP header.
Since Cloudflare puts the real IP of the visitor in the X-Forwarded-For HTTP header, this works perfectly.
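The setting from the answer, written out as a web.config fragment (an added example, not part of the original post). The rate values are the test values from the question; the surrounding configuration and system.webServer elements are the standard IIS layout, and the comment about restricting origin traffic is an assumption about the deployment.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.webServer>
    <security>
      <!--
        enableProxyMode="true": evaluate the address carried in the
        X-Forwarded-For request header in addition to the connecting
        address, so visitors behind Cloudflare are counted individually
        instead of by the Cloudflare edge address.

        Assumption: the origin accepts traffic only from the proxy.
        X-Forwarded-For is an ordinary request header, so a client that
        can reach the origin directly can set it to any value.
      -->
      <dynamicIpSecurity enableProxyMode="true">
        <!-- Test values from the question: 2 requests per 10 seconds. -->
        <denyByRequestRate enabled="true"
                           maxRequests="2"
                           requestIntervalInMilliseconds="10000" />
      </dynamicIpSecurity>
    </security>
  </system.webServer>
</configuration>
```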