ASP-WAF Web application firewall for .Net 5, .Net Standard 2.1 and .Net Core 3.x

UrlValidationPatterns Class

URL validation patterns used in the rule engine

Namespace:  Walter.Web.FireWall.Configurations
Assembly:  Walter.Web.FireWall (in Walter.Web.FireWall.dll)

Syntax


public sealed class UrlValidationPatterns

Remarks


This class comes with default values that may not fit your requirements. Update the patterns in this list to match your Endpoints.

You can remove and add items from any of the lists in this pattern dataset.

Examples


The bellow sample will remove the url that maps to ~/Order/Checkout as that particularly rout would be valid for the web-application. However there is no valid rout that uses /Payment and we would like to block users that try to fish for that url especially as we have added that url to robots.txt with a Disallow: */Payment just to catch anyone trying to use the robots file to attack the site.

You should add the items to the "correct list" like us, adding /Payment to NoOnlinePaymentSystemExists because if it will match a request than the firewall gives us a type of incident where we know some one was blocked as they where going at the payment system.

C#
public class MyFireWall : FireWallBase
   {
      public MyFireWall(ILoggerFactory factory, IMemoryCache cache, ILatLongRepository geo)
               : base(loggerFactory: factory, memoryCache: cache, latLongRepository: geo)
           {
               Configuration.Rules.BlockedPatterns.NoOnlinePaymentSystemExists.Add("/Payment");
               Configuration.Rules.BlockedPatterns.NoOnlinePaymentSystemExists.Remove("/Checkout");
               base.Trigger_OnFireWallCreated(this);

           }
   }

Inheritance Hierarchy


Object
  Walter.Web.FireWall.Configurations..::..UrlValidationPatterns