event EventHandler<FireWallIncidentEventArgs> OnIncident
Event Data
The event handler receives an argument of type FireWallIncidentEventArgs containing data related to this event. The following FireWallIncidentEventArgs properties provide information specific to this event.
| Property | Description |
|---|---|
| AllowRaiseIncident | Leave it on true if you would like to allow to happen, set it to the default false if you like to prevent the firewall from creating an incident |
| Data | Access the data that caused, and is considered to be out of allowed range for the request as specified on the endpoint's configuration. |
| Page | access to the page and all it's properties. |
| StackEntry | Access the stack entry describing the incident |
Remarks
You can control if the firewall creates the incident by setting AllowRaiseIncident to true stating you "allow" it to happen and no incident is to be creates
This event in triggers when a firewall has been licensedExample
The bellow sample shows how the recommendation created by the firewall as allowed to block or not block a request based on a AppConfig.json configuration
public class MyFireWall : FireWallBase { private readonly ILogger<MyFireWall> _logger; private bool _isReccommendOnly = true; public MyFireWall( //enable accessing AppConfig IConfiguration configuration //allow DI to provide interfaces to base class , ILoggerFactory? loggerFactory = null, IMemoryCache? memoryCache = null , IIncidentDatabase? incidentDatabase = null, IWhoisRepository? whoisRepository = null, ISubscriptionsRepository? subscriptions = null , IEmailReportDesination? emailReportDesination = null, IDatabaseReportDestination? databaseReportDestination = null , ILoggerReportDesination? loggerReportDestination = null, IFireWallDiskLoggerDestination? diskLoggerDestination = null , IEventLogReporting? eventLogReporting = null, IGeoFactory? geoFactory = null, ILatLongRepository? latLongRepository = null , IResetRepository? resetRepository = null) : base(loggerFactory, memoryCache, incidentDatabase, whoisRepository, subscriptions, emailReportDesination, databaseReportDestination , loggerReportDestination, diskLoggerDestination, eventLogReporting, geoFactory, latLongRepository, resetRepository) { var section = configuration.GetSection("FireWall"); if (section.Exists()) { _isReccommendOnly = section.GetValue<bool>("RecommendOnly"); } base.Trigger_OnFireWallCreated(this); OnIncident += MyFireWall_OnIncident; OnGuardAction += MyFireWall_OnGuardAction; OnUserTypeChange += MyFireWall_OnUserTypeChange; OnResourceRequested += MyFireWall_OnResourceRequested; _logger = loggerFactory.CreateLogger<MyFireWall>(); } private void MyFireWall_OnResourceRequested(object? sender, Walter.Web.FireWall.EventArguments.PageCreatedEventArgs e) { throw new System.NotImplementedException(); } private void MyFireWall_OnUserTypeChange(object? sender, Walter.Web.FireWall.EventArguments.UserTypeChangedEventArgs e) { _logger?.Lazy().LogDebug("{oldType} : {newType}\n {route}\n Rules:\n {data}" , e.OriginalType , e.NewType , e.Rout , string.Join("\n ", e.Rules) ); //allow the change e.AllowRaiseIncident = true; if (e.OriginalType.HasFlag(UserTypes.IsSearchEngine) && e.NewType.HasFlag(UserTypes.IsMalicious)) { //remove the malicious flag from search engines to not prevent search engines from //indexing the site e.NewType &= ~UserTypes.IsMalicious; } } private void MyFireWall_OnGuardAction(object? sender, Walter.Web.FireWall.EventArguments.GuardActionEventArgs e) { _logger?.Lazy().LogCritical("{Method} {page} : {route}\n {action}\n {data}" , e.Page.Method , e.Page.OriginalUrl.AbsolutePath , e.Page.FireWallRoute , e.Action , string.Join("\n ", e.Page.PageViolationStack.Select(s => s.ToString())) ); //allow the firewall to block requests e.AllowRaiseIncident = _isReccommendOnly; } private void MyFireWall_OnIncident(object? sender, Walter.Web.FireWall.EventArguments.FireWallIncidentEventArgs e) { _logger?.Lazy().LogCritical("{Method} {page} : {route}\n {rule}:{RuleNr}\n Reasons:{Reason}\n {data}" , e.Page.Method , e.Page.OriginalUrl.AbsolutePath , e.Page.FireWallRoute , e.StackEntry.Rule , e.StackEntry.RuleNr , e.StackEntry.Reason , string.Join("\n ", e.Data.Select(s => $"{s.Key}:{s.Value}")) ); //allow the firewall to raise incidents e.AllowRaiseIncident = _isReccommendOnly; } }
Requirements
Target Platforms: Windows 7, Windows Vista SP1 or later, Windows XP SP3, Windows Server 2008 (Server Core not supported), Windows Server 2008 R2 (Server Core supported with SP1 or later), Windows Server 2003 SP2
See Also