Mads Kristensen

My personal blog about everything tech

Denial of Service (DoS) attacks are becoming a more and more common way to bring websites and servers down. They are very easy to do and pretty hard to protect against, which is why they are so popular. The only thing you can do to prevent such an attack is to block the response to the attackers. You have no control over the requests, so you have to catch the attacker as early as possible after the request has been received by the web server.

There are two challenges to blocking the attacks

  • Identify the attackers
  • Block the response only to the attackers

To catch the request as early as possible, an HttpModule is the right place. It is executed before any page or any other handler so the impact on the server can be minimized. This HttpModule monitors all requests and block requests coming from IP addresses that make many requests in a short period of time. After a while the attacking IP address gets released from blocking.

The module is a high performance and lightweight protection from DoS attacks and very easy to implement.

Implementation

Download the DosAttackModule.cs file below and put it into the App_Code folder of your website. Then add the following lines to the web.config’s <system.web> section:

< httpModules >

  < add type = " DosAttackModule " name = " DosAttackModule " />

</ httpModules >

Download

DosAttackModule.zip (1,13 KB)

The thread pool gives you an easy and safe way for creating multithreaded applications, and even though the stateless nature of the Internet isn’t the best place for multithreading, it can still be the right thing to do for certain scenarios.

I’ve seen a lot of examples on how to use the thread pool and none of them takes advantage of the Boolean return value of the QueueUserWorkItem method. This is important because if the thread pool fails to create a new thread you will not be notified about it. Here is a short example of a button’s click event handler that creates a new thread to do some work.

protected void btnSave_Click(object sender, EventArgs e)

{

  if (System.Threading.ThreadPool.QueueUserWorkItem(ThreadProc))

  {

    Response.Write("Processing is started successfully.");

  }

  else

  {

    Response.Write("An error occured.");

  }

}

 

private void ThreadProc(object stateInfo)

{

  DoSomething();

}

By using the Boolean return value we can now catch the failure and notify the user or maybe try again.