Tratcher
commented
4 years ago HttpContext.Abort() is the main API for this, but there's some protocol nuance.
- For HTTP/1.1 it aborts the connection immediately
- For HTTP/2 it only aborts the current request (e.g. resets the HTTP/2 stream).
- When using Kestrel you can do
HttpContext.Features.Get<IConnectionLifetimeFeature>().Abort()to immideately close an HTTP/2 (or 1.1) connection. - I don't think there's a similar way to do this in IIS or HttpSys.
- When using Kestrel you can do
Checking for the missing host and aborting in middleware would be simpler and more efficient than doing it in MVC.
TehWardy
I have an MVC controller with an action to handle all paths as part of a custom CMS. It appears that someone is trying to probe our infrastructure trying different "admin" or "sdk" urls. There's a common pattern of requests from a "known set of IP's" and they are changing ever so often and the pattern begins again which leads me to this conclusion.
When these requests come in they are always a request for https:///...
The server is deliberately setup to only respond to requests that are both SSL secured and on a named location "https://mydomain.com/...".
So what I would like to do is "knowing that these requests are attacks on the server" is there a way to just have the MVC controller (without an exception) just end the request there and then without returning any headers or a body?
I'm told this is considered best practice in this situation. I could use a middleware based solution if that's preferred. I'm also open to suggestions if you guys have a better recommendation.