How to prevent DoS attack in ASP.NET MVC applications?

asp.net-mvc-3 security ddos
Edi Wang picture Edi Wang · Aug 4, 2012 · Viewed 16.4k times · Source

I don't want someone keep F5 my site or using some tool to request the page frequently.

That is to say, prevent an Action or the Controller to be invoked frequently by one client.

How can I implement this? Is there any package I can use? just like AntiXSS library.

Answer

Garrett Fogerlie picture Garrett Fogerlie · Aug 4, 2012

Most of these features are going to be found in the IIS manager. Something like Dynamic IP Restrictions should help. Read through Microsoft's Best Practices for Preventing DoS/Denial of Service Attacks, this provides a good list of thing to do.

Also according to this video, Cloud Flare is able to prevent these attacks with their free service.

Related questions

Why is JsonRequestBehavior needed?

Why is Json Request Behavior needed? If I want to restrict the HttpGet requests to my action I can decorate the action with the [HttpPost] attribute Example: [HttpPost] public JsonResult Foo() { return Json("Secrets"); } // Instead of: public JsonResult Foo() { return …

Read More
RequestVerificationToken does not match

I have a problem with the anti CRSF MVC mechanism. The cookie and the form input returned does not match. I'm getting an error every single time, only in one specific page. In the rest of the application it works …

Read More
Asp.net Mvc custom mechanism to handle unauthorized request

For my website i want following behaviors for secured controller(or action) if a user makes a normal request redirect to login page (which i have easily able to do) if request is Ajax type Request.IsAjaxRequest()==true, return status …

Read More