The Aspire app needs to be set up to mitigate DDoS attacks and similar issues raised in security findings (Jira vulnerability issue).

A quick and straightforward solution is an Nginx server set up as a reverse proxy in front of Aspire.

Aspire should not be reachable directly from outside the site; external traffic must always pass through Nginx or a similar technology (Apache, AWS WAF, etc.).

Nginx will be set up as a reverse proxy with HTTPS certificates, request rate limits and the other necessary security controls.

Internally, Aspire 5 and internal apps can connect to it directly (localhost:50505), so the Aspire listener should be bound to localhost only.

...

You can limit the rate at which NGINX accepts incoming requests to a value typical for real users. For example, you might decide that a real user accessing a login page can only make one request per second.

...

To enable POST request limiting, open nginx.conf and add:

    http {
        # Maps the client address to $limit only for POST requests; for every
        # other method the key is empty and the request is not counted.
        map $request_method $limit {
            default  "";
            POST     $binary_remote_addr;
        }

        # Creates a 10 MB shared-memory zone for the binary client addresses and
        # limits matching requests to 60 per minute per address (one per second).
        limit_req_zone $limit zone=one:10m rate=60r/m;
        ...
        server {
            ...
            location / {
                ...
                # Apply the limit: without a burst parameter, a second POST from
                # the same address within one second is rejected (503 by default).
                limit_req zone=one;
            }
        }
    }

...

More can be found directly in the Nginx documentation (ngx_http_limit_req_module).

Configuring HTTPS

To configure an HTTPS connection, SSL certificates must be prepared for the current domain or IP; the example here covers localhost only.

...

More can be found directly in the Nginx documentation.
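The rate-limiting snippet above and the HTTPS section are fragments of the same proxy configuration. The following is an added, complete nginx.conf written for this page (not the original page's or the Aspire project's own configuration) that ties both together: it terminates HTTPS for localhost, proxies to Aspire on 127.0.0.1:50505, rate-limits POST requests per client address, and returns 429 instead of the default 503 when the limit is hit. The certificate paths, the burst size, body-size and timeout values, and the self-signed certificate command are assumptions for a localhost test; the upstream port 50505 comes from the text.

```nginx
# Added example configuration (not from the original page or the Aspire project).
# Assumed paths and limits: /etc/nginx/ssl/localhost.{crt,key}, burst=10,
# client_max_body_size 10m, 15s header/body timeouts.
#
# Self-signed certificate for the localhost test (assumed paths, run once):
#   openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
#     -subj "/CN=localhost" -keyout /etc/nginx/ssl/localhost.key \
#     -out /etc/nginx/ssl/localhost.crt

worker_processes auto;

events {
    worker_connections 1024;
}

http {
    # Only POST requests contribute a key; an empty key is never counted,
    # so GET/HEAD traffic is not affected by this zone.
    map $request_method $limit {
        default "";
        POST    $binary_remote_addr;
    }

    # 10 MB of shared memory (roughly 160k IPv4 addresses) and 60 POST/min
    # per client address, i.e. one request per second on average.
    limit_req_zone $limit zone=post_limit:10m rate=60r/m;

    # Answer rejected requests with 429 instead of the default 503 so clients
    # and monitoring can tell rate limiting apart from a backend outage.
    limit_req_status 429;
    limit_req_log_level warn;

    # Plain HTTP only redirects; Aspire itself is never exposed directly.
    server {
        listen 80;
        server_name localhost;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        server_name localhost;

        ssl_certificate     /etc/nginx/ssl/localhost.crt;   # assumed path
        ssl_certificate_key /etc/nginx/ssl/localhost.key;   # assumed path
        ssl_protocols       TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers off;

        # Cap request bodies and slow-client timeouts so oversized or
        # trickled uploads cannot tie up worker connections (assumed values).
        client_max_body_size   10m;
        client_body_timeout    15s;
        client_header_timeout  15s;

        add_header Strict-Transport-Security "max-age=31536000" always;
        add_header X-Content-Type-Options nosniff always;
        add_header X-Frame-Options DENY always;

        location / {
            # Allow a short burst of POSTs (e.g. a form submit plus a retry)
            # without delaying them; anything beyond the burst gets 429 at once.
            limit_req zone=post_limit burst=10 nodelay;

            proxy_pass http://127.0.0.1:50505;
            proxy_http_version 1.1;
            proxy_set_header Host              $host;
            proxy_set_header X-Real-IP         $remote_addr;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_read_timeout 60s;
        }
    }
}
```

Check the file with `nginx -t` before reloading, then fire a loop of `curl -k -X POST https://localhost/` requests from one machine: the first eleven in a second (one at the rate plus the burst of ten) pass through to Aspire and the rest receive 429 until the bucket drains at one request per second. Two caveats: if Nginx sits behind a load balancer or AWS WAF, `$binary_remote_addr` is the balancer's address and every client shares one bucket, so the real-IP module must be configured with the trusted proxy range first; and `$proxy_add_x_forwarded_for` appends to whatever the client sent, so Aspire must not treat that header as authoritative for its own access decisions.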

Aspire app with

...

HTTPS after a proper Nginx setup:


Response after too many requests:


Interesting Articles:

First Line of Defense: Blocking Bad POST Requests Using NGINX Rate Limiting.

...