search

unosquare / embedio

A tiny, cross-platform, module based web server for .NET
http://unosquare.github.io/embedio
Other
1.47k stars 176 forks source link

IP-banning Module #418

Closed geoperez closed 4 years ago

geoperez commented 4 years ago

Is your feature request related to a problem? Please describe. I would like to have a IP-banning system integrated to EmbedIO with a clear API to allow any Module to include a client in the black-list.

Describe the solution you'd like Create an IP-banning module with the following mechanisms:

TCP Requests

Ban a client when the max number of requests per second/minute has reached.

Log Filtering

Ban a client when the max number of regex matching per second/minute has reached.

The Log Filtering should use a Swan ILogger with a set of Regex rules to match against.

Internal API

Allow calling a ban/unban from the code. Any WebModule or WebAPI Controller can ban a client or get a list of banned clients.

Global settings

1 - White-list 2 - Ban Time 3 - Reporting callback

geoperez commented 4 years ago

This issue has been resolved partially. We still need the TCP Request inspector.

rdeago commented 4 years ago

Sorry to be the usual grumpy uncle, but banning a client (aww no - an IP address, really) based on two different criteria will most likely result in a mess.

Why not have a list of criteria, expressed with classes derived from an abstract BanningCriterion or something of the kind?

Think about it: for each criterion, we need

If all this stuff is in the same class - moreover, mixed with the properties and methods used to actually implement the ban, not to mention the whitelist and blacklist - we'll soon end up with a maintenance nightmare.

For the academically inclined, let me also quote the Single responsibility principle:

every module, class, or function should have responsibility over a single part of the functionality provided by the software, and that responsibility should be entirely encapsulated by the class, module or function. All its services should be narrowly aligned with that responsibility.

IPBanningModule is there to handle IP banning; from the moment there are multiple distinct conditions that can trigger a ban, each of them is best expressed by its own class.

Unless you don't need everything done before Monday, I can help with this. I think @k3z0 would be perfectly capable to design an IPBanningCriterion class and use a ComponentCollection of it, but if you need help just drop me a line on Slack.

geoperez commented 4 years ago

I like the idea, even you can expose an API to write a custom criterion. Let's say using a specific header, for example.