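/// <summary>
/// Registers logging, cookie policy, memory cache, antiforgery, the firewall
/// (rules, response headers, storage back-ends and e-mail reporting) and MVC
/// with Newtonsoft.Json on the service collection.
/// </summary>
/// <param name="services">The service collection to populate.</param>
public void ConfigureServices(IServiceCollection services)
{
    services.AddLogging();

    services.Configure<CookiePolicyOptions>(options =>
    {
        // Consent is required on every request before non-essential cookies are written.
        options.CheckConsentNeeded = context => true;
        // NOTE(review): None is the most lenient floor; the cookie policy will not raise
        // any cookie's SameSite setting, so each cookie keeps the value it was created with.
        options.MinimumSameSitePolicy = SameSiteMode.None;
        options.ConsentCookie.Name = "GDPR";
    });

    services.AddMemoryCache();
    services.AddAntiforgery();

    services.AddFireWall(FireWallTrial.License, FireWallTrial.DomainKey
        , domainName: new Uri("https://www.test.dll", UriKind.Absolute), options =>
        {
            options.JoinCustomerImprovementProgramWithEmail = "info@test.dll";
            // NOTE(review): hard-coded secret, and the same literal is reused as the SMTP
            // password further down. In a real deployment load it from a secret store
            // (user secrets, environment, vault) and use a distinct value per purpose.
            options.Cypher.ApplicationPassword = "123456$even";
            options.ApplicationName = "www.test.dll";
            options.ApplicationTag = "WS3";
            options.ContactDetails.Address = "Main street 11, Suite 404, New York, USA";
            options.ContactDetails.EMail = "support@test.dll";
            options.ContactDetails.Name = "123 Corp ltd";
            options.UseSession = false;
            //view located in ~/Views/Shared
            options.Cashing.GeoLocation.SlidingExpiration = TimeSpan.FromMinutes(20);

            // Relative endpoints the firewall uses for its own web services.
            options.WebServices.IsUserApiUrl = new Uri(Links.IsUserEndpoint, UriKind.Relative);
            options.WebServices.RegisterLinksApiUrl = new Uri(Links.SiteMapEndPoint, UriKind.Relative);
            options.WebServices.BeaconApiUrl = new Uri(Links.BeaconPoint, UriKind.Relative);
            options.WebServices.CSPReportUrl = new Uri(Links.CSPViolation, UriKind.Relative);

            // use events to take control
            options.OnEndpointsCreated += Options_OnEndpointsCreated;
            options.OnFireWallCreated += Options_OnFireWallCreated;

            // AllowWhiteListing was assigned false twice in this lambda; once is enough.
            options.Rules.AllowWhiteListing = false;
            // Every block reason except NoAccessFromRegion is put in the physical-file exclude set.
            options.Rules.PhysicalFileWallExcludeReasons = Walter.BOM.FirewallBlockReasons.ALL & ~Walter.BOM.FirewallBlockReasons.NoAccessFromRegion;
            // NOTE(review): a 10 second block is very short; presumably a demo value,
            // confirm before using it outside a test environment.
            options.Rules.BlockRequest.BlockDuration.SlideExpiration = true;
            options.Rules.BlockRequest.BlockDuration.Expires = TimeSpan.FromSeconds(10);
            options.Rules.TrustedCrossSiteDomains.AddRange(new[] { new Uri("https://gateway.test.dll", UriKind.Absolute), new Uri("https://support.test.dll", UriKind.Absolute) });

            // NOTE(review): allowInline: true permits inline script/style in the CSP, which
            // removes most of the XSS protection a CSP provides; prefer nonces or hashes
            // if the library supports them. X-XSS-Protection is ignored by current
            // browsers, so the CSP is the control that matters here.
            options.Rules.Headers.AddDefaultSecurePolicy()
                .AddStrictTransportSecurityNoCache()
                .AddXssProtectionBlockAndReport()
                .AddContentSecurityPolicyButTrust(trustingSites: Walter.Web.FireWall.TrustingSites.Jquery | Walter.Web.FireWall.TrustingSites.Google
                    , allowInline: true
                    , framesPolicy: Walter.Web.FireWall.FramesPolicy.Self);
        })
        // NOTE(review): absolute, machine-specific paths; the log directory should be
        // writable only by the application identity.
        .UseGeography(new System.IO.DirectoryInfo("D:\\MaxMind"))
        .UseDiskLogging(options => { options.Directory = @"D:\Firewall"; })
        .UserDatabase(DatabaseConnections.FireWallState)
        .UseFireWallReportingDatabase(DatabaseConnections.FireWall)
        .UseSMTPReportingDatabase(DatabaseConnections.FireWallMail, options =>
        {
            options.Server = "mail.test.dll";
            options.UserName = "noreply@test.dll";
            // NOTE(review): hard-coded SMTP credential; move it out of source control.
            options.Password = "123456$even";
            options.Port = 25;
            options.From = "noreply@test.dll";
            // NOTE(review): as the name indicates, certificate errors from the mail server
            // are ignored, so the server's identity is not verified and the credentials
            // above can be exposed to an interception on the path. Set to false once the
            // mail server presents a certificate the host trusts.
            options.IgnoreServerCertificateErrors = true;
            options.DefaultEmail = "info@test.dll";
            // Archive was assigned twice (180 days, then 60); only the last assignment
            // took effect, so the single effective value is kept.
            options.Archive = TimeSpan.FromDays(60);
            options.MailingList.AddRange(new[] {
                new EMailAddress("Security Admin", "security@test.dll") {
                    Frequency = TimeSpan.FromHours(1),
                    Roles = EMailRoles.FireWallAdministrationViolations | EMailRoles.UnauthorizedPhysicalFilesViolation },
                new EMailAddress("Website Admin", "WebMaster@test.dll") {
                    Frequency = TimeSpan.FromHours(1),
                    Roles = EMailRoles.ProductUpdates | EMailRoles.OwnAccountRelatedViolations },
            });
        });

    // Run the firewall filter on every MVC action.
    services.AddMvc(options =>
        options.Filters.Add<Walter.Web.FireWall.Filters.FireWallFilter>()
    );

    services.AddControllersWithViews()
        .AddNewtonsoftJson(options =>
        {
            options.SerializerSettings.ReferenceLoopHandling = ReferenceLoopHandling.Ignore;
            options.SerializerSettings.NullValueHandling = NullValueHandling.Ignore;
            options.SerializerSettings.Formatting = Formatting.Indented;
        });
}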
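/// <summary>
/// Handler for the firewall's OnFireWallCreated event: stores a JSON snapshot of the
/// firewall configuration next to the application assembly, resets blocking for the
/// listed regions and attaches <c>ManualValidation</c> to OnResourceRequested.
/// </summary>
/// <param name="firewall">The firewall instance that was just created.</param>
private void Options_OnFireWallCreated(Walter.Web.FireWall.IFireWall firewall)
{
    // The three statements below had been folded into a single comment line, which left
    // json and fileName undeclared; they are restored as separate statements.

    //get the configuration
    // NOTE(review): if Configuration carries secrets (for example the application
    // password), this snapshot will contain them in clear text; confirm, and restrict
    // the file's ACL to the application identity.
    var json = JsonConvert.SerializeObject(firewall.Configuration);

    //get filename
    var fileName = Path.Combine(new FileInfo(this.GetType().Assembly.Location).DirectoryName, "last known good firewall configuration.json");

    //tell firewall to write it to disk as uncontrolled changes to disk will raise an incident
    firewall.WriteFile(new FileInfo(fileName), json);

    //Reset all rules in the region licensed to provide content and tell all cookies to ignore that the users were blocked
    firewall.ResetFireWallBlocking(GeoLocation.WESTERN_EUROPE, GeoLocation.NORTH_AMERICA, GeoLocation.Japan, GeoLocation.Taiwan, GeoLocation.NewZealand, GeoLocation.Austria);

    //use own firewall rules
    firewall.OnResourceRequested += ManualValidation;
}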
/// <summary>
/// Applies the application's own rule engine to the incoming page request and stores
/// the outcome as the request's guard action, ahead of any filter or middleware that
/// works with the IPageRequest.
/// </summary>
/// <param name="sender">The event source (not used).</param>
/// <param name="e">Event data carrying the request to evaluate.</param>
private void ManualValidation(object sender, PageCreatedEventArgs e)
    => e.Request.GuardAction = MyOwnRuleEngine.ProcessPage(e.Request);
/// <summary>
/// Handler for the firewall's OnEndpointsCreated event: adjusts per-endpoint flags for
/// downloadable documents and for static assets.
/// </summary>
/// <param name="sender">The event source (not used).</param>
/// <param name="e">Event data exposing the discovered endpoints through <c>Links</c>.</param>
private void Options_OnEndpointsCreated(object sender, Walter.Web.FireWall.EventArguments.EndpointsCreatedEventArgs e)
{
    // Archives and PDFs: flagged for ad-hoc access.
    // NOTE(review): presumably this lets them be requested without prior navigation;
    // confirm against the library documentation.
    foreach (var download in e.Links.EndpointsInPath("*.zip", "*.pdf"))
    {
        download.AllowAddhockAccess = true;
    }

    // Style sheets and images: firewall switched off for these endpoints.
    // NOTE(review): going by the property name, requests matching these patterns are
    // no longer inspected; keep the pattern list limited to truly static content.
    foreach (var staticAsset in e.Links.EndpointsInPath("*.css", "*.png", "*.jpg"))
    {
        staticAsset.FirewallDisabled = true;
    }
}