We have some logic in the web.config which requires ip whitelisting to access our websites.
We want to allow load testing without having to whitelist IP, as the load test will come from dynamic IPs. In the load test tool we can set a request header, such as
loadtester: true
In the rewrite rules are "input" variables, which, from looking at examples, include:
But I cant find one for reqeuest headers. Are these documented anywhere?
Any idea how I would parse the headers and check the one i am looking for? We would like to allow traffic with a specific header, even if the IP is not whitelisted.
example extract from web.config:
<rule name="Whitelist sites" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{REMOTE_ADDR}" pattern="82\.7\.151\.45" negate="true"/>
<add input="{HTTP_X_Forwarded_For}" pattern="82\.7\.151\.45" negate="true"/>
</conditions>
<action type="CustomResponse" statusCode="403" statusReason="Forbidden" statusDescription="The requested site is not accessible" />
</rule>
</rules>
</rewrite>
</system.webServer>
Update: I found this resource: https://www.w3schools.com/ASP/coll_servervariables.asp
In it there is a variable called "HTTP_<HeaderName>"
I'll try!
You can access the headers by prefixing their name with HEADER_
Untested, but this should work: <add input="{HEADER_LOADTESTER}" pattern="true" negate="true"/>
(personally i would go with a random string for the header/value if your using this approach to protect a publicly accessible service)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.