C# MVC: request throttling (anti-flooding) with MvcThrottle

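1. Introduction

1) With MvcThrottle you can protect your site against attacks and request flooding.

2) You can restrict and configure the IPs allowed in several different scenarios, and set how many requests an IP is allowed per second/minute/day.

3) You can define limits that apply to all requests, or scope them to a particular controller or action method.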

 

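2. Usage

1) First, download the framework from GitHub; the repository includes a demo. However, I could not follow the demo as written; if you can understand it, you do not need to read this article.

https://github.com/stefanprodan/MvcThrottle

2) Add the MvcThrottle project or package to your solution

As shown below, we create a new MVC project named WebApplicationIP.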


3) Add the configuration in the FilterConfig class

    using System.Web.Mvc;
    using MvcThrottle;

    public class FilterConfig
    {
        public static void RegisterGlobalFilters(GlobalFilterCollection filters)
        {
            const int secondCount = 5;
            var throttleFilter = new ThrottlingFilter
            {
                // At most secondCount requests per second, secondCount * 10 per minute,
                // and so on for the hour and day limits below
                Policy = new ThrottlePolicy(
                    perSecond: secondCount,
                    perMinute: secondCount * 10,
                    perHour: secondCount * 10 * 5,
                    perDay: secondCount * 10 * 5 * 2)
                {
                    // Count requests per client IP address
                    IpThrottling = true
                },
                // Store the request counters in the ASP.NET cache
                Repository = new CacheRepository()
            };
            filters.Add(throttleFilter);

            filters.Add(new HandleErrorAttribute());
        }
    }

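4) Set access limits on controller methods

The following applies the global IP limits to a method:

    [EnableThrottling]

The following limits this method to at most 5 requests per second and 10 per minute:

    [EnableThrottling(PerSecond = 5, PerMinute = 10)]

The FilterConfig configuration shown above also only uses the library, so you can copy it as is.

5) Add the following to the Application_Start method in Global

    FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);

6) If you need to change what is returned to the client when a request is blocked (the message or the page), find the MvcThrottle library, open the ThrottlingFilter class, and modify its OnActionExecuting method as follows: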

    if (rateLimit > 0 && throttleCounter.TotalRequests > rateLimit)
    {
        //log blocked request
        if (Logger != null) Logger.Log(ComputeLogEntry(requestId, identity, throttleCounter, rateLimitPeriod.ToString(), rateLimit, filterContext.HttpContext.Request));

        //break execution and return 409
        //var message = string.IsNullOrEmpty(QuotaExceededMessage) ?
        //    "HTTP request quota exceeded! maximum admitted {0} per {1}" : QuotaExceededMessage; // original source
        var message = string.IsNullOrEmpty(QuotaExceededMessage) ?
            "您的操做太頻繁,請稍後再試" : QuotaExceededMessage; // modified: "You are making requests too frequently, please try again later"

        //add status code and retry after x seconds to response
        filterContext.HttpContext.Response.StatusCode = (int)QuotaExceededResponseCode;
        filterContext.HttpContext.Response.Headers.Set("Retry-After", RetryAfterFrom(throttleCounter.Timestamp, rateLimitPeriod));

        filterContext.Result = QuotaExceededResult(
            filterContext.RequestContext,
            string.Format(message, rateLimit, rateLimitPeriod),
            QuotaExceededResponseCode,
            requestId);

        return;
    }

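To send blocked clients to an error page instead, replace the code above with:

    if (rateLimit > 0 && throttleCounter.TotalRequests > rateLimit)
    {
        // Page to redirect to. Setting Result short-circuits the action,
        // so the throttled request never reaches the controller method.
        filterContext.Result = new RedirectResult("/Error.html");
        return;
    }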
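
An alternative to editing the library source in step 6, as an added example that is not from the original post or the MvcThrottle project: subclass ThrottlingFilter and override QuotaExceededResult, so the blocked-request logging, the quota-exceeded status code and the Retry-After header from the original block are all kept. It assumes QuotaExceededResult is protected virtual in your MvcThrottle version and that QuotaExceededResponseCode is an HttpStatusCode; FriendlyThrottlingFilter and the "RateLimited" view are hypothetical names.

```csharp
using System.Net;
using System.Web.Mvc;
using System.Web.Routing;
using MvcThrottle;

// Hypothetical subclass: only changes what the blocked client sees.
public class FriendlyThrottlingFilter : ThrottlingFilter
{
    // Assumption: same parameters as the QuotaExceededResult call shown in step 6.
    protected override ActionResult QuotaExceededResult(
        RequestContext requestContext, string message,
        HttpStatusCode responseCode, string requestId)
    {
        // "RateLimited" is a hypothetical view, e.g. Views/Shared/RateLimited.cshtml.
        var view = new ViewResult { ViewName = "RateLimited" };
        view.ViewData["Message"] = message;
        // Same id the filter passes to ComputeLogEntry, useful for correlating with logs.
        view.ViewData["RequestId"] = requestId;
        return view;
    }
}

public class FilterConfig
{
    public static void RegisterGlobalFilters(GlobalFilterCollection filters)
    {
        const int secondCount = 5;
        filters.Add(new FriendlyThrottlingFilter
        {
            Policy = new ThrottlePolicy(
                perSecond: secondCount,
                perMinute: secondCount * 10,
                perHour: secondCount * 10 * 5,
                perDay: secondCount * 10 * 5 * 2)
            {
                IpThrottling = true
            },
            Repository = new CacheRepository(),
            // Overrides the default text without touching the library;
            // {0} and {1} receive the limit and the period via string.Format.
            QuotaExceededMessage = "Too many requests: limit is {0} per {1}. Please retry later."
        });
        filters.Add(new HandleErrorAttribute());
    }
}
```

Because the library is left unmodified, it can still be updated through the package manager without reapplying the change.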

Reposted from, and with reference to: https://www.cnblogs.com/alunchen/p/6203789.html
