mercredi 4 mars 2020

How can prevent from a lot of request client to a web API(c#)?

I want to stop a client when a lot of requests sent to the server for example, 30 requests on 10 second and I want he/she can not send it until 10 minutes. This is my code which I use as an Attribute for each web API.

[AttributeUsage(AttributeTargets.Method, AllowMultiple = false)]
public class AllowXRequestsEveryXSecondsAttribute : ActionFilterAttribute
{

    public string Name { get; set; }


    public int Seconds { get; set; }

    public int MinutesLockUser { get; set; }


    public int Requests { get; set; }

    public string Message { get; set; }

    public string ContentName { get; set; }

      public class Int32Value
    {
        public Int32Value()
        {
            Value = 1;
        }
        public int Value { get; set; }
    }

    public override void OnActionExecuting(HttpActionContext c)
    {
        if (c == null) throw new ArgumentException("ActionExecutingContext not spcecified");
        this.Name = "AllowXrequestinXSecond";
        this.Seconds = 10;
        this.Requests = 30;

        string ipAddress = HttpContext.Current.Request.UserHostAddress;
        var key = string.Concat("AllowXRequestsEveryXSeconds-", Name, "-", ipAddress);

        var allowExecute = false;

        var currentCacheValue = HttpRuntime.Cache[key];
        if (currentCacheValue == null)
        {

            HttpRuntime.Cache.Add(key,
                new Int32Value(),
                null,// no dependencies
              Cache.NoAbsoluteExpiration,// absolute expiration
                TimeSpan.FromSeconds(Seconds),
                CacheItemPriority.Low,
                null); // no callback

            allowExecute = true;
        }
        else
        {

            var value = (Int32Value)currentCacheValue;
            value.Value++;


            if (value.Value <= Requests)
            {
                allowExecute = true;
            }



        }

        if (!allowExecute)
        {
            if (String.IsNullOrEmpty(Message))
              Message = "You have performed this action more than {x} Requests in the last {n} seconds.";

            if (((Int32Value)currentCacheValue).Value == Requests + 1)
            {

                Helpers.LogToDb(Message, key);
            }

            c.Response = c.Request.CreateResponse(
                HttpStatusCode.Conflict,
                Message.Replace("{n}", Seconds.ToString())
            );
             c.Response.StatusCode = HttpStatusCode.Conflict;
        }
    }


}

it is a good code but it has a problem. it caches for 10 seconds and after that refresh. I need to block the user for 10 minutes.




Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)