堆栈内存溢出
  简体   繁体   English

如何关闭asp.net中的HTTP连接?

[英]How to close HTTP connection in asp.net?

 原文  2011-03-30 13:38:18       asp.net/ performance/ iis-7/ dos

问题描述

I have a problem, please help! 我有问题,请帮忙!

Our site was under Slow HTTP POST DOS attack recently. 我们的网站最近受到了慢速HTTP POST DOS攻击。 It's when your server receives a lot of incoming connections and keep them for long time because the sender sends information very slow and server cant serve real users' request - denial of service. 这是您的服务器收到大量传入连接并保持很长一段时间的时候,因为发件人发送信息的速度非常慢,并且服务器无法满足真实用户的请求-拒绝服务。

So I decied to reject such POST requests: 因此,我决定拒绝此类POST请求: 

void Application_BeginRequest(object sender, EventArgs e)
{
    if ( _my_condition_here_ )
    {
        _reject_the_request_by_dropping_connection_
    }
}

The problem is that I can't drop the HTTP connection in asp.net: 问题是我无法在asp.net中删除HTTP连接: 

Response.End(), throw new Exception(), even Thread.CurrentThread.Abort()

don't close the connection. 不要关闭连接。 It waits while sender sends all the fake data, then answer to it with '500 server error' or something. 它在发送者发送所有虚假数据时等待,然后用“ 500服务器错误”或类似的内容回答。 The slow POST attack still will be successful in this case. 在这种情况下,缓慢的POST攻击仍将成功。

How can I just drop the connection? 我怎样才能断开连接? Or maybe there are some settings or modules in IIS 7 which can do that for me? 也许IIS 7中有一些设置或模块可以为我做到这一点?

3 个解决方案

解决方案1
 1 已采纳  2011-03-30 15:13:06

Try Response.Close instead of Response.End. 尝试使用Response.Close而不是Response.End。 See also the checked answer of this SO thread . 另请参见此SO线程的已检查答案。

解决方案2
 0  2011-03-30 14:46:09

You could check out the Request Filtering of IIS7. 您可以签出IIS7的请求筛选 Just don't know if your 'condition' can be implemented in such a way that Request Filtering is possible. 只是不知道您的“条件”是否可以请求过滤的方式实现。 Ofcourse IP Security is an option, but not very elegant. 当然可以选择IP安全性 ,但不是很优雅。 Isn't there a Forefront TMG (or other firewall) in front of the webserver? Web服务器前面没有Forefront TMG(或其他防火墙)吗? If so, you can add some security in the firewall. 如果是这样,您可以在防火墙中添加一些安全性。

If both of them can't do the stuff you want, you probably need to write your own HTTP Module to stop a request. 如果他们两个都不能满足您的要求,则可能需要编写自己的HTTP模块来停止请求。 This still doesn't answer your question on how to stop the request though. 但是,这仍然无法回答您如何停止请求的问题。 Perhaps a solution would be to serve those 'users' an empty page. 也许一种解决方案是为那些“用户”提供一个空白页面。 That way you don't have to stop a request, but simply serve them an empty page. 这样,您不必停止请求,而只需为他们提供一个空白页。 This will give your webserver some load, but doesn't impact the database server. 这将给您的Web服务器带来一些负担,但不会影响数据库服务器。

解决方案3
 0  2011-03-30 15:10:19

您是否考虑过减少连接超时?

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在ASP.NET页中关闭SSL连接 - How can I close an SSL connection in an ASP.NET page asp.net连接打开和关闭 - asp.net connection open and close Connection.Close()错误ASP.NET - Connection.Close() error ASP.NET 无法关闭从Java到ASP.Net服务器的http连接 - Can not close my http connection from java to ASP.Net server ASP.NET HTTP连接限制 - ASP.NET HTTP Connection Limit 为什么在ASP.Net中的StatusDescription中添加换行符会关闭连接? - Why does adding a newline to StatusDescription in ASP.Net close the connection? 何时关闭从 Asp.net 到 oracle 数据库的连接 - When to close connection to an oracle db from Asp.net 如何使用LinkBut​​ton在ASP.NET中关闭表单? - How to close the form in ASP.NET with a LinkButton? 如何在asp.net中关闭sqlconnection - how to close a sqlconnection in asp.net 如何在asp.net中关闭radwindow? - how to close radwindow in asp.net?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM