C# Class Rds.Web.Modules.ProjectHoneypotModule

Each request is a DNS query. To minimize this module's performance impact against site requests, two tactics are taken: 1. Since a given IP's status isn't likely to change from one minute to the next, we're going to cache results (pass or fail) and on subsequent calls from the same IP we'll check the cached result. A cache result will be ejected after EXPIRATION_INTERVAL_IN_MINUTES minutes. 2. The verification is going to be done asyncronously, so the module does not need to worry about how fast the DNS checks are. This means the first request from an IP will always go through, but if the IP is flagged, the second one should be stopped. Uses .Net 4, due to the ConcurrentDictionary and System.Threading.Tasks for async fun. Can be pulled back if you take care of locking access to the dictionary yourself and use ThreadPool instead of TPL. To use, add the following section in your configSections block (swap out {dll name} for yours): < configSections > < section name="honeypot" type="Rds.Web.Modules.ProjectHoneypotModule.Config" /> </ configSections > You can then add the configuration section: < honeypot accessKey="{your key}" testFailure="true|false" /> The testFailure defaults to false, and is provided if you want to generate blocked requests to confirm it's working. Don't use this in production - all requests are blocked. There is an optional disallowedVisitorTypes attribute that can be used, which can be populated with a comma-separated list of VisitorTypes values. Note, SearchEngine can't be included in this list - if it is, it will be ignored. By default, all types are disallowed except SearchEngine and UnknownOrSafe. There is no option currently to specify a threat threshold value, or to ignore search engines. Anything that returns a threat level, however insignificant, will be blocked.