C#
- Related Articles
- Integrating Python into C# : A Comprehensive Guide to Embedding Python in C# Applications
- Introduction to .NET Programming
- C# 9.0 - Introduction To Top-Level Statements
- How to use Global Using Directives in C#
- List pattern matching in C#
- Required Members in C#
- Collection Expressions in C#
- Dependency Injection in .Net Core
- Understanding HTTP Codes
- C# 12 Features
- Validation Requests in .Net Core API
- Understanding Dependency Injection in Depth in .Net Core
- Real time use of Func Delegate in C#
- Securing API with IP Block List in C#
- Validating Life time of objecs in .Net core
- Concept of Middleware
- Securing API with DDOS attack
- Generate Report via Converting Data table to HTML in .net core API.
- Understanding Generics in C#
- Learning .Net Core with Docker
- LINQ (Language Integrated Query) in C#
- Tips and Tricks for HTTP Client in .Net core
- Learning IHttpClientFactory in .net core
- Basics Of Generic Classes In C#
- Lambda Expressions in C#
- Extension Method in C#
- What is a Dynamic Type in C#
- Async and Await in C#
- CRUD Operations in Generic List C#
- Essential Things in Generic List C# that every developer must know
- CRUD operations .Net Core API
- C# String Interpolation
- Expression-Bodied Members in C#
- Property initializer in C#
- When should you use a Tuple in C#
- Custom Middleware in .Net Core API
- Pattern Matching in C#
- What is a Nullable Reference Type in C#
- Understanding C# Default Interface Methods
- Record types in C#
- Learning IServiceProvider in .Net Core
- Learn Cancellation Token in .Net Core
- .Net Core 8.0 Pipeline
- Consuming RestAPI from .Net Console Applications
- Endpoint Explorer in Visual Studio 2022
- Export DataTable To CSV In C#
- Regex for Numbers only in C#
- How to get the URL of the current page in C#?
- Read and parse a Json File in C#
- ComboBox: Adding Text and Value to an Item (no Binding Source) in C#
- Using String Format to show decimal up to 2 places or simple integer in c#
- What is the Get and Set syntax in C#
- How to remove time portion of date in C# in DateTime object only?
- Get int value from enum in C#
- How to iterate over a dictionary in C#?
- Writing data into CSV file in C#
- Join and Where with LINQ and Lambda in C#
- Multiline string literal in C#
- How do I make calls to a REST API using C#?
- Setting Authorization Header of HttpClient in C#
- Reading CSV file and storing values into an array in C#
- How do you get the index of the Current Iteration of a Foreach loop in C#
- How do I save a stream to a file in C#?
- How can we Generate Random Alphanumeric strings in C#
- Calling the Base constructor in C#
- How to set the Content-Type header for an HttpClient request in C#
- LINQ query on a DataTable in C#
- What is the Best way to give a C# auto-property an Initial Value
- AddTransient, AddScoped and AddSingleton Services Differences in C#
- How do I Encode and Decode a Base64 string in C#
- How to enumerate an Enum in C#?
- Identify if a string is a number in C#
- Abstract and Sealed Classes in C#
- Advanced Concepts in C#
- Type Checking: typeof, GetType, or is?
- How to Execute a Stored Procedure Within a C# Program
- Creating a Byte Array from a Stream in C#
- How to Reverse a String in C#
- How Do I Turn a C# Object into a JSON String in .NET?
- How to Return Multiple Values to a Method Caller in C#
- How Do I Display a Decimal Value to 2 Decimal Places in C#?
- How to Calculate Difference Between Two Dates (Number of Days) in C#?
- How Do I Cast int to Enum in C#?
- Pass Method as Parameter using C#
- How Do I Generate a Random Integer in C#?
- How to Sort a List<T> by a Property in the Object in C#
- How Do I Make a Textbox That Only Accepts Numbers in C#?
- GroupBy in LINQ in C#
- Converting a String to DateTime in C#
- How can I convert String to Int?
- What is the Difference Between String and string in C#?
- LINQ's Distinct() on a Particular Property in C#
- Arrays and Strings in C#
- Read and Write a Text File in C#
- Converting String to Int in C#
- Mastering C# Parse Int
- C# Convert String to DateTime
- C# Convert String to Int
- Convert a C# String to an Integer
- Parse String as Int in C#
- cast string to integer c#
- C# Pattern Matching
- C# Convert String to Integer
- Cast String to Int in C#
- How can we Convert String to Int in C#
Protecting Against DDoS Attacks: Best Practices for Securing Your API
In this article we will learn about DDoS attack and its prevention using .NET core
In today's digital landscape, securing your API against DDoS attacks is crucial to ensure the availability and reliability of your services. With the increasing frequency and sophistication of DDoS attacks, it's essential to implement best practices to protect your API from potential threats.
Understanding DDoS Attacks
When there are millions of requests sent to particular server or set of servers so that server become busy to serve the request, in other words making server overloaded via sending false or malicious requests. Result of this attack is to make server unavailable to serve request and then server becomes unavailable.
DDoS (Distributed Denial of Service) attacks are malicious attempts to disrupt the normal traffic of a targeted server, service, or network by overwhelming it with a flood of internet traffic. These attacks can lead to downtime, performance issues, and potential data breaches, making them a significant threat to API security.
Symptoms of DDoS attack : How to identify if Server having such attack.
If is a site or service suddenly becoming slow or unavailable, in this case further investigation is required to see if there is suspicious traffic or web server have genuine traffic.
a. It is required to check logs and traffic analytic tools which can be used to see IP address of sources
b. If traffic originating from a single IP address or IP range then this must be DDoS
c. Odd traffic patterns such as spikes at odd hours of the day or patterns that appear to be unnatural (e.g. a spike every 10 minutes)
Solution
1. Prevention Technique : Rate Limiter
At application level if we want to restrict traffic to application, we can use Rate Limiter in .Net core
In this example we will configure our service to accept only 20 request per second and after that it will reject to accept any requests.
Steps
1 .Create Web api .net core project
2. Program .cs -> Add below code
builder.Services.AddRateLimiter(options => { options.GlobalLimiter = PartitionedRateLimiter.Create<HttpContext, string>(httpContext => RateLimitPartition.GetFixedWindowLimiter(partitionKey: httpContext.User.Identity?.Name ?? httpContext.Request.Headers.Host.ToString(), factory: partition => new FixedWindowRateLimiterOptions { AutoReplenishment = true, PermitLimit = 20, QueueLimit = 0, Window = TimeSpan.FromMinutes(1) })); }); var app = builder.Build(); // Configure the HTTP request pipeline. if (app.Environment.IsDevelopment()) { app.UseSwagger(); app.UseSwaggerUI(); } app.UseHttpsRedirection(); app.UseAuthorization(); app.UseRateLimiter(); app.MapControllers(); app.Run();
Understanding builder.Services.AddRateLimiter
The method is used to configure and register the rate limiter service with the application’s service container. Once added to the application, the rate limiter can be used to control access to certain routes or endpoints, ensuring that they are not overwhelmed by too many requests.
Now if we want to set a global rate limiter for all requests GlobalLimiter option is set to any PartitionedRateLimiter. In the above example, we have added a FixedWindowLimiter, and configured it to apply “per authenticated username (or hostname if not authenticated)” — the partition. The FixedWindowLimiter is then configured to automatically replenish permitted requests and permits 20 requests per minute.
Testing and Execution
I have created console application which is making http requests to weather API
// See https://aka.ms/new-console-template for more information using System.Text.Json; Console.WriteLine("Making connections....!"); var apiUrl = "https://localhost:44316/WeatherForecast"; // Example API endpoint using var client = new HttpClient(); try { for (int i = 0; i < 21; i++) { // Making the GET request var response = await client.GetAsync(apiUrl); // Ensure the request was successful response.EnsureSuccessStatusCode(); // Read the response content as a string var content = await response.Content.ReadAsStringAsync(); if(content!=null && content.Length>0) Console.WriteLine("Getting response from server ->" + i.ToString()); } } catch (Exception e) { Console.WriteLine($"Request error: {e.Message}"); Console.ReadKey(); }
Understanding of above code
Above code contains loop for making api calls for 21 times.
we are logging Console.WriteLine(“Getting response from server ->” + i.ToString());
Console : we can see requests are getting response till 19 and get exception after 19.
Specific error code: we can add below code and can get specifc exception.
options.RejectionStatusCode = 429;
2. Prevention Technique : IP Blocking and Geo-Blocking:
If we know range of IP’s from where we are getting attacks, we can restrict specific IP address. we can use below approach in .net core
public void Configure(IApplicationBuilder app, IHostingEnvironment env) { app.Use(async (context, next) => { var ipAddress = context.Connection.RemoteIpAddress.ToString(); if (ipAddress == "blocked_ip") { context.Response.StatusCode = 403; await context.Response.WriteAsync("Forbidden"); } else { await next.Invoke(); } }); app.UseMvc(); }
There are various types of DDoS attacks, including:
- Syn Flood
- UDP Flood
- HTTP Flood
- ICMP Flood
Best Practices for Securing Your API
Implementing the following best practices can help defend your API against DDoS attacks:
1. Use DDoS Protection Services
Consider using DDoS protection services that can detect and mitigate attacks in real-time, safeguarding your API from potential threats.
2. Implement Rate Limiting
Set rate limits on your API endpoints to prevent abuse and limit the number of requests from a single source, reducing the impact of potential DDoS attacks.
3. Monitor Traffic Patterns
Regularly monitor your API traffic patterns to detect any unusual spikes or anomalies that could indicate a DDoS attack in progress.
4. Secure Your Infrastructure
Ensure that your server infrastructure is secure by applying the latest security patches, using firewalls, and implementing encryption protocols to protect your API endpoints.
Frequently Asked Questions
Q: What is the impact of a DDoS attack on an API?
A: A DDoS attack can disrupt the availability and performance of an API, leading to downtime and potential data breaches.
Q: How can I protect my API from DDoS attacks?
A: Implementing DDoS protection services, rate limiting, monitoring traffic patterns, and securing your infrastructure are key steps to defend your API against DDoS attacks.
Conclusion
Securing your API against DDoS attacks is essential to maintain the integrity and availability of your services. By following best practices and staying vigilant against potential threats, you can protect your API from malicious attacks and ensure a seamless user experience for your customers.
