WEB防流量攻击解决方案中的疑问(附客服端httpmodule原代码)

qxyywy 发布于 2011/07/25 16:00

承接我上一个帖子的问题,现在我把客户端部分代码(HTTPMODULE 处理类)放出来,大家帮忙看看如何防止异常处理页面被攻击。

 /// <summary>
    /// 名    称:<br>
    /// </summary>
    /// <remarks>
    /// 版    本:1.0<br>
    /// 作    者:张泽军<br>
    /// 创始时间:2011-5-20 17:00:02<br>
    /// 描    述:
    /// ----------修改记录------------<br>
    /// </remarks>
    public class WarningHttpModule : IHttpModule, IRequiresSessionState
    {
        protected static readonly ILog log = LogManager.GetLogger("****.UI"); //此处去掉我们公司的名字
        protected static Thread thread = null;
        protected static IVisitAnalysisHandle analysisHander = null;
        protected static VisitManager visitManager = VisitManager.GetInstance();
        private static object LockHelper = new object();

        static WarningHttpModule()
        {
            if (null == thread)
            {
                lock (LockHelper)
                {
                    if (null == thread)
                    {
                        thread = new Thread(new ThreadStart(Process));
                        thread.Start();
                    }

                }
            }
            if (null == analysisHander)
            {
                lock (LockHelper)
                {
                    if (null == analysisHander)
                    {
                        try
                        {
                            analysisHander = (IVisitAnalysisHandle)Activator.GetObject(typeof(IVisitAnalysisHandle), "tcp://127.0.0.1:6666/GNT");
                        }
                        catch (Exception ex)
                        {

                            throw new Exception("注册预警系统信道失败", ex); ;
                        }
                    }
                }
            }
        }

        private void Application_BeginRequest(object sender, EventArgs e)
        {

            HttpApplication application = (HttpApplication)sender;
            HttpContext context = application.Context;
            HttpRequest request = application.Request;
            HttpResponse response = application.Response;
            string url = request.RawUrl.ToLower(); //获取当前原始请求的url
            string ip = request.UserHostAddress;
            string extension = System.IO.Path.GetExtension(url).ToLower();
            //是需要检测的页面
            if (extension != ".aspx" && extension != ".asmx" && extension != ".ashx")
            { return; }

            //在白名单范围内
            if (visitManager.IsInWhiteListIP(ip))
            { return; }

            //添加到访问记录里面
            visitManager.AddRequest(DateTime.Now, ip, url);

            //如果是异常ip的请求页
            if (url == "/visitwarning.aspx")
            {
                string userCode = string.Empty;
                string sessionCode = string.Empty;
                if (request["AuthCode"] != null)
                {
                    userCode = request["AuthCode"].ToString().ToLower();
                }
                if (HttpContext.Current.Session != null && HttpContext.Current.Session["visitwarningcode"] != null)
                {
                    sessionCode = (context.Session["visitwarningcode"] as string).ToLower();
                }
                if (userCode == sessionCode && !string.IsNullOrEmpty(userCode))
                {
                    visitManager.RemoveBlackListIP(ip);
                    response.Redirect("/Index.aspx");
                }
            }
            else
            {
                //是否是黑名单
                if (visitManager.IsInBlackListIP(ip))
                {
                    response.Redirect("/VisitWarning.aspx");
                }
            }
        }

        static void Process()
        {
            while (true)
            {
                try
                {
                    //分析上一分钟的数据
                    DateTime dt = DateTime.Now.AddMinutes(-1);
                    Dictionary<string, Dictionary<string, int>> dic = visitManager.GetRequestRecord(dt);

                    //清空数据
                    visitManager.RemoveRequestRecord(dt);

                    List<BlackIP> blackIP = analysisHander.AnalysisVisit(dic);

                    foreach (BlackIP ip in blackIP)
                        visitManager.AddBlackListIP(ip);
                }
                catch (ThreadAbortException tae)
                {
                    Thread.ResetAbort();
                    log.Error("预警系统线程异常!", tae);
                }
                catch (Exception ex)
                {
                    log.Error("预警系统异常!", ex);
                }
                finally
                {
                    Thread.Sleep(60 * 1000);
                }
            }
        }

        public void Init(HttpApplication application)
        {
            //之前拦截阶段
            //application.BeginRequest += new EventHandler(Application_BeginRequest);
            application.AcquireRequestState += new EventHandler(Application_BeginRequest); 
        }

        public void Dispose()
        { }
    } 

在每次请求时都会执行黑白名单的判断;在判断为异常 IP 后会跳转到异常处理页面(/VisitWarning.aspx),但异常处理页面(/VisitWarning.aspx)的请求本身也会执行相关判断,又会被判断为异常 IP 而跳转到异常处理页面,这样就一直在跳转中。现在的解决办法是在执行判断前再加一个判断:是否是异常处理页面,若是则不执行判断请求。

这样解决的话,攻击者又可以对异常处理页面进行恶意访问。请各位懂的、做过的,或是有好建议的来说说。
