Walter.BOM Namespace
Walter.Web.FireWall Namespace
ASP-WAF Web application firewall for .Net 6, .Net 5, .Net Standard 2.1 and .Net Core 3.x

FireWallIncidentEventArgs Class

The Guard event that's being raised by the firewall when the firewall is about to create an incident allowing you to intervene

Namespace:  Walter.Web.FireWall.EventArguments
Assembly:  Walter.Web.FireWall (in Walter.Web.FireWall.dll)

Syntax


public class FireWallIncidentEventArgs

Examples


You can use the firewall to test and see if you are using routs that would cause your application to block valid requests. This way you can update your blocking patterns to match valid and invalid rules.

It is always recommended to not use default routs as all bot's are scripted to use those and the fastest way to detect a malicious user is by having a honey pot or a default not implemented

C#
private void FireWall_OnIncident(object sender, FireWallIncidentEventArgs e)
   {
       switch (e.StackEntry.Reason)
       {
           case Walter.BOM.FirewallBlockReasons.PenetrationAttempt:
               if (Enum.TryParse<Walter.Web.FireWall.RuleEngine.UrlValidatedResult>(e.Data[IncidentAssertType.RuleNr], out var list))
               {
                   _logger?.Lazy().LogCritical("Url triggered {pattern} in {location} in Configuration.Rules.blockedPatterns.{list}"
                       , e.Data[IncidentAssertType.Pattern]
                       , e.Data[IncidentAssertType.Location]
                       , list);
                   LogTodo<ConfigurationTasks>(ConfigurationTasks.UrlNotValid
                       , $"Update Configuration.Rules.blockedPatterns.{list} on {e.Data[IncidentAssertType.Pattern]} at the {e.Data[IncidentAssertType.Location]} in URL{e.Page.OriginalUrl}"
                       , false);
               }

               break;
           default:
               base.LogTodo<ConfigurationTasks>(ConfigurationTasks.Setup, message: $"Test Rule \"{e.StackEntry.Rule}\" on {e.Page.OriginalUrl}", optional: true);
               break;
       }
   }