event EventHandler<GuardActionEventArgs> OnGuardAction
Event Data
The event handler receives an argument of type GuardActionEventArgs containing data related to this event. The following GuardActionEventArgs properties provide information specific to this event.
Property | Description |
---|---|
Action | The guard action being recommended by the firewall |
AllowGuardAction | Set to true to allow the firewall to execute the recommended guard action; leave it at the default, false, to prevent the action from being executed. |
BlockTill | Gets or sets the "block till" date for the user. If a hard block was already set, this property reflects that data. |
Page | The Page that triggered the action |
ReturnLegalNotice | Gets or sets the text you would like to return as a legal notice. |
ReturnPayload | Gets or sets the return payload to a malicious attack (offensive response). |
Remarks
This event triggers when a firewall has been licensed.
Example
The sample below shows how the recommendation created by the firewall is allowed to block or not block a request, based on an AppConfig.json configuration.
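/// <summary>
/// Sample firewall that logs firewall events and uses the "RecommendOnly" value of the
/// "FireWall" configuration section to decide whether recommended guard actions may be executed.
/// </summary>
public class MyFireWall : FireWallBase
{
    // Nullable because the logger factory is an optional constructor argument.
    private readonly ILogger<MyFireWall>? _logger;

    // true: the firewall only recommends guard actions; false: it may execute them.
    private readonly bool _isRecommendOnly = true;

    /// <summary>
    /// Reads the "FireWall" configuration section, forwards the optional services to the base class
    /// and subscribes the event handlers of this sample.
    /// </summary>
    /// <param name="configuration">Application configuration; the "FireWall" section is optional.</param>
    public MyFireWall(
        //enable accessing AppConfig
        IConfiguration configuration
        //allow DI to provide interfaces to base class
        , ILoggerFactory? loggerFactory = null, IMemoryCache? memoryCache = null
        , IIncidentDatabase? incidentDatabase = null, IWhoisRepository? whoisRepository = null, ISubscriptionsRepository? subscriptions = null
        , IEmailReportDesination? emailReportDesination = null, IDatabaseReportDestination? databaseReportDestination = null
        , ILoggerReportDesination? loggerReportDestination = null, IFireWallDiskLoggerDestination? diskLoggerDestination = null
        , IEventLogReporting? eventLogReporting = null, IGeoFactory? geoFactory = null, ILatLongRepository? latLongRepository = null
        , IResetRepository? resetRepository = null)
        : base(loggerFactory, memoryCache, incidentDatabase, whoisRepository, subscriptions, emailReportDesination, databaseReportDestination
              , loggerReportDestination, diskLoggerDestination, eventLogReporting, geoFactory, latLongRepository, resetRepository)
    {
        // Create the logger before anything can raise an event; loggerFactory defaults to null,
        // so it must not be dereferenced unconditionally.
        _logger = loggerFactory?.CreateLogger<MyFireWall>();

        var section = configuration.GetSection("FireWall");
        if (section.Exists())
        {
            // GetValue<bool> yields false when the key is absent, which turns enforcement on.
            _isRecommendOnly = section.GetValue<bool>("RecommendOnly");
        }
        // NOTE(review): with no "FireWall" section the field keeps its default (true), so no guard
        // action is executed; set the value explicitly in production configuration.

        base.Trigger_OnFireWallCreated(this);

        OnIncident += MyFireWall_OnIncident;
        OnGuardAction += MyFireWall_OnGuardAction;
        OnUserTypeChange += MyFireWall_OnUserTypeChange;
        OnResourceRequested += MyFireWall_OnResourceRequested;
    }

    /// <summary>Placeholder handler for resource requests; it takes no action.</summary>
    private void MyFireWall_OnResourceRequested(object? sender, Walter.Web.FireWall.EventArguments.PageCreatedEventArgs e)
    {
        // Intentionally empty: this handler is subscribed in the constructor, and a throwing stub
        // would surface an exception every time the event is raised.
    }

    /// <summary>Logs a user-type change and keeps search engines from being flagged as malicious.</summary>
    private void MyFireWall_OnUserTypeChange(object? sender, Walter.Web.FireWall.EventArguments.UserTypeChangedEventArgs e)
    {
        _logger?.Lazy().LogDebug("{oldType} : {newType}\n {route}\n Rules:\n {data}"
            , e.OriginalType
            , e.NewType
            , e.Rout
            , string.Join("\n ", e.Rules)
            );

        //allow the change
        e.AllowRaiseIncident = true;

        if (e.OriginalType.HasFlag(UserTypes.IsSearchEngine) && e.NewType.HasFlag(UserTypes.IsMalicious))
        {
            //remove the malicious flag from search engines to not prevent search engines from
            //indexing the site
            e.NewType &= ~UserTypes.IsMalicious;
        }
    }

    /// <summary>
    /// Logs the recommended guard action and lets the firewall execute it unless the sample runs
    /// in recommend-only mode.
    /// </summary>
    private void MyFireWall_OnGuardAction(object? sender, Walter.Web.FireWall.EventArguments.GuardActionEventArgs e)
    {
        // One placeholder per argument; a template with more placeholders than arguments cannot be formatted.
        // The values are presumably request-derived, so they are passed as structured arguments and
        // never concatenated into the template.
        _logger?.Lazy().LogCritical("{Method} {page} : {route}\n {action}\n Violations:\n {data}"
            , e.Page.Method
            , e.Page.OriginalUrl.AbsolutePath
            , e.Page.FireWallRoute
            , e.Action
            , string.Join("\n ", e.Page.PageViolationStack.Select(s => s.ToString()))
            );

        // AllowGuardAction is the flag documented for this event: true lets the firewall execute
        // the recommended action, so it is enabled only when the sample is not in recommend-only mode.
        e.AllowGuardAction = !_isRecommendOnly;
    }

    /// <summary>Logs an incident reported by the firewall and decides whether it may be raised.</summary>
    private void MyFireWall_OnIncident(object? sender, Walter.Web.FireWall.EventArguments.FireWallIncidentEventArgs e)
    {
        _logger?.Lazy().LogCritical("{Method} {page} : {route}\n {rule}:{RuleNr}\n Reasons:{Reason}\n {data}"
            , e.Page.Method
            , e.Page.OriginalUrl.AbsolutePath
            , e.Page.FireWallRoute
            , e.StackEntry.Rule
            , e.StackEntry.RuleNr
            , e.StackEntry.Reason
            , string.Join("\n ", e.Data.Select(s => $"{s.Key}:{s.Value}"))
            );

        //allow the firewall to raise incidents
        // NOTE(review): as written, incidents are raised only in recommend-only mode; confirm that
        // this coupling to RecommendOnly is intended.
        e.AllowRaiseIncident = _isRecommendOnly;
    }
}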
Requirements
Target Platforms: Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
See Also