Closed TehWardy closed 4 years ago
HttpContext.Abort() is the main API for this, but there's some protocol nuance.
HttpContext.Features.Get<IConnectionLifetimeFeature>().Abort()
to immideately close an HTTP/2 (or 1.1) connection.Checking for the missing host and aborting in middleware would be simpler and more efficient than doing it in MVC.
Thanks @Tratcher ! exactly what I needed.
I have an MVC controller with an action to handle all paths as part of a custom CMS. It appears that someone is trying to probe our infrastructure trying different "admin" or "sdk" urls. There's a common pattern of requests from a "known set of IP's" and they are changing ever so often and the pattern begins again which leads me to this conclusion.
When these requests come in they are always a request for https:///...
The server is deliberately setup to only respond to requests that are both SSL secured and on a named location "https://mydomain.com/...".
So what I would like to do is "knowing that these requests are attacks on the server" is there a way to just have the MVC controller (without an exception) just end the request there and then without returning any headers or a body?
I'm told this is considered best practice in this situation. I could use a middleware based solution if that's preferred. I'm also open to suggestions if you guys have a better recommendation.