dustinmoris / firewall Goto Github PK

Thanks for a nice nuget!

Is it possible to configure it so that it is not on an application leven but more detailed, like having specific IP requirements for a controller/method?

Thanks.

is it possible to protect a specific api's using filter ? also all the requests are coming from cloudflare too

I think that the value of X-Forwarded-For is not set in the RemoteIpAddress as stated in the doc. A custom rule is required for load balancers forwarding this header.

It would be great if we could log the request from a blocked IP. This is great for analytics, forensics and also to see if perhaps there are some other IPs we should consider allowing (through log analysis). Perhaps ILogger can be injected into the middleware constructor.

Perhaps pass an options via an Action<> param.... i.e.

app.UserFirewall(opts => opts.EnableLogging = true);

and/or

var opts = new FirewallOptions(); app.UserFirewall(opts);

Hi,

I looked through the documentation and source codes, I could not find a built-in way to only block certain IP addresses.

Is it the best way to implement a custom rule by inheriting IFirewallRule and add the logic there?

Would be great to allow an exclusion style lists as well. Say something like:

DontAllow(List<CIDRs>);
DontAllow(List<IPAddress>);
DontAllow(List<CountryCode>);

Right now, if I want to allow every country, say, except for Micronesia I have to list EVERY country but Micronesia. Same thing if I want to only block a few IPs... That said - great library!!! Thanks for your work!

Hi @dustinmoris ,

Could you kindly provide an example (sample) of Block Traffic by Country and storing configuration in appsettings.json

How to Block Traffic by Country in the CSF Firewall

It will be a cool feature to add 👍

I might be missing something but it seems when I hit my service from localhost the remote Ip address is set to "::1" which is not allowed (see screenshot below)

Is this not supposed to be allowed as part of the localhost rule?

@dustinmoris,
Please can you upload a MVC sample to this repository?
If country or IP address is not allowed show blocked error page.
if allowed IP continue to home page 👍

I need to support dynamic rules loaded from a DB. Could we get an IAsyncFirewallRule interface where IsAllowed returns ValueTask<bool>?

 app.UseFirewall(FirewallRulesEngine.DenyAllAccess()
                                            .ExceptFromCloudflare("https://www.cloudflare.com/ips-v4", "https://www.cloudflare.com/ips-v6")
                                            .ExceptFromLocalhost());

Following this example from the documentation in my experience resulted in all requests through Cloudflare being denied. What I am missing?

Could support X-Forwarded-For Ip Address for Nginx forwarded in Linux platform?