Walter.BOM Namespace
Walter.Web.FireWall Namespace
ASP-WAF | .Net API for WAF Systems

ActionProtectorAttribute Class

Class ActionProtectorAttribute allows you to discover malicious activity against actions and the models that are posted to these actions

Namespace:  Walter.Web.FireWall.Annotations
Assembly:  Walter.Web.FireWall (in Walter.Web.FireWall.dll)


public sealed class ActionProtectorAttribute : ProtectorBase


At the moment the framework only supports actions with 1 parameter. We expect you to have a view model that will satisfy ModelState property of a controller


This sample comes from the getting started manual. This manual does contain quite a few samples for you to use in your projects
   [Ignore(skip: FireWallGuardActions.RejectWrongUserType)]
   [ActionProtector(blockAfterInvalidModelCount: 5
   , redirectToController: "home"
   , redirectToAction: "blocked", passModel: false)]
   public IActionResult Captcha(CaptchaModel model)
   var user = _page.User.AsFirewallUser();
   //1. Make sure the page came from the web application
   if (_page.Referrer is null
   || !_fireWall.License.IsLicensedDomain(_page.Referrer)
   || !_page.Referrer.AbsolutePath.Contains("Captcha", StringComparison.Ordinal))
   //if was triggered by a search engine then ignore it else flag it
   if (_page.User.IsSearchEngine != SearchEngine.NotSure)
   user.UserType |= UserTypes.IsMalicious | UserTypes.IsUsingDeveloperTools;
   // 2. Make sure the user passed the simple test
   if (!ModelState.IsValid)
   if (user.ModelBlockCount - model.ErrorCount > 3)
   user.UserType |= UserTypes.IsMalicious;
   return View(model);
   // 3. Reject to the blocked action for user error
   //    message if we discovered spoofing or other unwanted
   //    activities.
   if (_page.User.IsSpoofing()
   || user.UserType.HasFlag(UserTypes.IsMalicious)
   || user.UserType.HasFlag(UserTypes.IsUsingDeveloperTools))
   return RedirectToActionPermanent("Blocked");
   switch (user.UserType)
   case UserTypes.IsHuman:
   case UserTypes.IsSearchEngine:
   return Redirect(model.RedirectTo);
   case UserTypes.NotDiscovered:
   return View(model);
   return RedirectToAction("Blocked");

Inheritance Hierarchy