I've implemented IIS dynamic IP restriction, I am concerned that it may not be enough. For example, if someone was to send many requests from a huge list of various proxy Ips they could in theory get through the the safety mechanism?
我已经实现了IIS动态IP限制,我担心这可能不够。例如,如果有人要从大量的代理ip中发送许多请求,他们理论上可以通过安全机制获得这些请求吗?
Is there anything else I should consider doing in IIS or .Net Mvc?
在IIS或。net Mvc中还有什么需要考虑的吗?
1 个解决方案
#1
1
For any still wondering, here is a MS Blog covering quite a bit - it is focused on Azure but many of the points are still applicable to IIS in a non-cloud environment. security-guidelines-to-detect-and-prevent-dos-attacks-targeting-iisazure-web-role-paas
如果你还想知道,这里有一个MS博客,它涵盖了相当多的内容——它关注的是Azure,但许多要点仍然适用于非云环境中的IIS。security-guidelines-to-detect-and-prevent-dos-attacks-targeting-iisazure-web-role-paas
#1
1
For any still wondering, here is a MS Blog covering quite a bit - it is focused on Azure but many of the points are still applicable to IIS in a non-cloud environment. security-guidelines-to-detect-and-prevent-dos-attacks-targeting-iisazure-web-role-paas
如果你还想知道,这里有一个MS博客,它涵盖了相当多的内容——它关注的是Azure,但许多要点仍然适用于非云环境中的IIS。security-guidelines-to-detect-and-prevent-dos-attacks-targeting-iisazure-web-role-paas