Hello,
Is Possible to get the IP for the client accesing the xdata server, before executing any request.
and, if it is not in a white list in a database, close the connection before he can make any request?
Thanks for your advice.
wouldn't you do this on your firewall?
Not sure the firewall is the best place always? For example, I've got some of my XData systems setup to log the number of login attempts. If it is exceeded, the IP is added to a database blocklist for a period of time.
I do the same with the JWTs so that they can be revoked if needed. So as part of the beginning of each login request, it checks for the existence of the IP in the blocklist for the IP. And for other requests the JWT list is checked to ensure that it is still valid (this is in addition to the usual expiration mechanism).
But this all happens at the beginning of the request, with different checks done for different requests (login vs. authenticated mostly). Much easier than trying to interface to some kind of firewall I'd think? But maybe not.
Given the heavy nature of having to do a database lookup (even if it is cached) I'm not sure that there'd be any benefit to handling this earlier in the XData process, but I'm sure there are ways to do that as well.
I suppose if you're trying to counter some kind of DDOS attack, then this isn't the way to go.
Yes, you can use RemoteIP property of the request object. More references: How to obtain the user's IP address - #2 by AndrewSimard
This is very interesting,
i will try your sugestion and do it in the login procedure.
many thanks for your advice.
2 Likes
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.