Walter.Web.Firewall.Core.3.x 2020.9.9.2

Firewall that can be used in Asp.net core and .net standard 2.1 Applications that
   would benefit for protection against among others
   1. penetration attacks,
   2. Cross Site Scripting
   3. cookie hijacking,
   4. IFrames,
   5. GEO blocking,
   6. Denial of service,
   7. Scrubbing
   8. IP White and black listing
   9. User type detection
   10 Easy configurable with general rules as we will as overrides per action or page
   and much more.
   You can get started with the firewall
   using the samples shown in https://www.asp-waf.com/download/ASP-WAF-FireWall-Getting-Started.pdf

Suggested Alternatives

Walter.Web.FireWall

Additional Details

Use the latest Package from Walter.Web.FireWall in your project

The owner has unlisted this package. This could mean that the package is deprecated, has security vulnerabilities or shouldn't be used anymore.
Install-Package Walter.Web.Firewall.Core.3.x -Version 2020.9.9.2
dotnet add package Walter.Web.Firewall.Core.3.x --version 2020.9.9.2
<PackageReference Include="Walter.Web.Firewall.Core.3.x" Version="2020.9.9.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Walter.Web.Firewall.Core.3.x --version 2020.9.9.2
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: Walter.Web.Firewall.Core.3.x, 2020.9.9.2"
#r directive can be used in F# Interactive, C# scripting and .NET Interactive. Copy this into the interactive tool or source code of the script to reference the package.
// Install Walter.Web.Firewall.Core.3.x as a Cake Addin
#addin nuget:?package=Walter.Web.Firewall.Core.3.x&version=2020.9.9.2

// Install Walter.Web.Firewall.Core.3.x as a Cake Tool
#tool nuget:?package=Walter.Web.Firewall.Core.3.x&version=2020.9.9.2
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

This package allows you to protect your firewall using annotations and pre-specified rules. A full getting started document is available at www.asp-waf.com in form of a PDF, compiled help and simple instructions

The bellow sample shows how you integrate and enable the firewall in your project.

services.AddFireWall(FireWallTrail.License, FireWallTrail.DomainKey
    , domainName: new Uri("https://www.your-domain.com", UriKind.Absolute)
    , options =>
    {
        options.Cypher.ApplicationPassword = "123456$even";
        options.ApplicationName = "Name as used for reporting";
        options.ApplicationTag = "ITIL Tag";
        options.Rules.BlockRequest.BlockDuration.SlideExpiration = true;
        options.Rules.BlockRequest.BlockDuration.Expires = TimeSpan.FromSeconds(10);

        //used by JavaScript in the browser
        options.WebServices.IsUserApiUrl = new Uri(Links.IsUserEndpoint, UriKind.Relative);
        options.WebServices.RegisterLinksApiUrl = new Uri(Links.SiteMapEndPoint, UriKind.Relative);
        options.WebServices.BeaconApiUrl = new Uri(Links.BeaconPoint, UriKind.Relative);

});
//protect each MVC controller
services.AddMvc(options =>
    options.Filters.Add<Walter.Web.FireWall.Filters.FireWallFilter>()
);

The firewall is fully configurable and has quite a few options that allow you to protect against fishing, scrubbing, cross-site attach and much more.

There are a ton of configuration options available using the many annotations

   namespace MyProject.Controllers
   {
       using Walter.Web.FireWall;
       using Walter.Web.FireWall.Annotations;
       using Walter.BOM.Geo;

       [Geo(blockLocation: GeoLocation.AFRICA | GeoLocation.LATIN_AMERICA | GeoLocation.Netherlands)]
       [Users(users: UserTypes.IsHuman | UserTypes.IsSearchEngine)]
       [BlockDuration(duration: 60, sliding: true, doubleDurationPerIncedent: true)]
       public sealed class MembersController : Controller
       {
           private readonly ILogger<MembersController> _logger;
            private readonly IPageRequest _page;
           public HomeController(ILogger<MembersController> logger,IPageRequest page)
           {
               _logger = logger;
               _page=page;
           }

           public IActionResult Index()
           {
               return View();
           }


           [Ignore]
           [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
           public IActionResult Error()
           {
               //the page field will contain all the errors the user ran into
               return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
           }
       }
   }

This is just a small set of options of what's possible

This package allows you to protect your firewall using annotations and pre-specified rules. A full getting started document is available at www.asp-waf.com in form of a PDF, compiled help and simple instructions

The bellow sample shows how you integrate and enable the firewall in your project.

services.AddFireWall(FireWallTrail.License, FireWallTrail.DomainKey
    , domainName: new Uri("https://www.your-domain.com", UriKind.Absolute)
    , options =>
    {
        options.Cypher.ApplicationPassword = "123456$even";
        options.ApplicationName = "Name as used for reporting";
        options.ApplicationTag = "ITIL Tag";
        options.Rules.BlockRequest.BlockDuration.SlideExpiration = true;
        options.Rules.BlockRequest.BlockDuration.Expires = TimeSpan.FromSeconds(10);

        //used by JavaScript in the browser
        options.WebServices.IsUserApiUrl = new Uri(Links.IsUserEndpoint, UriKind.Relative);
        options.WebServices.RegisterLinksApiUrl = new Uri(Links.SiteMapEndPoint, UriKind.Relative);
        options.WebServices.BeaconApiUrl = new Uri(Links.BeaconPoint, UriKind.Relative);

});
//protect each MVC controller
services.AddMvc(options =>
    options.Filters.Add<Walter.Web.FireWall.Filters.FireWallFilter>()
);

The firewall is fully configurable and has quite a few options that allow you to protect against fishing, scrubbing, cross-site attach and much more.

There are a ton of configuration options available using the many annotations

   namespace MyProject.Controllers
   {
       using Walter.Web.FireWall;
       using Walter.Web.FireWall.Annotations;
       using Walter.BOM.Geo;

       [Geo(blockLocation: GeoLocation.AFRICA | GeoLocation.LATIN_AMERICA | GeoLocation.Netherlands)]
       [Users(users: UserTypes.IsHuman | UserTypes.IsSearchEngine)]
       [BlockDuration(duration: 60, sliding: true, doubleDurationPerIncedent: true)]
       public sealed class MembersController : Controller
       {
           private readonly ILogger<MembersController> _logger;
            private readonly IPageRequest _page;
           public HomeController(ILogger<MembersController> logger,IPageRequest page)
           {
               _logger = logger;
               _page=page;
           }

           public IActionResult Index()
           {
               return View();
           }


           [Ignore]
           [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
           public IActionResult Error()
           {
               //the page field will contain all the errors the user ran into
               return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
           }
       }
   }

This is just a small set of options of what's possible

Release Notes

09 September 2020
     1. Add access to Rules class for advanced configuration before rule engine uses it to generated default rules
     https://firewallapi.asp-waf.com/?topic=html/Events.T-Walter.Web.FireWall.IFireWallConfig.htm
     
     2. Add access to RuleEngine configuration for runtime PEN scripts detection by making RulesConfig.BlockedPatterns Property public
     https://firewallapi.asp-waf.com/?topic=html/P-Walter.Web.FireWall.Configurations.RulesConfig.BlockedPatterns.htm
     
     3. Update documentation and sample documentation in on-line help and manual
     https://www.asp-waf.com/download/ASP-WAF-FireWall-Getting-Started.pdf

     4. Fix issue where sometimes a user gets rejected for being in the wrong group without having a filter defined.
     https://firewallapi.asp-waf.com/?topic=html/P-Walter.Web.FireWall.Configurations.RulesConfig.RejectUsersByDefault.htm
     

     08 September 2020
     1. Add OnRootPageRequestDisposed and OnResourceSend event to FireWallBase class as well as IFireWall interface
     Methods allow for post processing in proprietary projects
     https://firewallapi.asp-waf.com/?topic=html/Events.T-Walter.Web.FireWall.FireWallBase.htm
     2. Provide access to default rules for UrlValidationPatterns
     https://firewallapi.asp-waf.com/?topic=html/P-Walter.Web.FireWall.Configurations.RulesConfig.BlockedPatterns.htm

     2. Fix bug where sometimes users would be blocked as no user rule was defined

     06 September 2020
     1. update documentation
     2. Update terms
     3. Update NuGet package references

     04 September 2020
     1. update documentation
     2. Add manual blocking on event

     03 September 2020
     1. Add events for firewall management
     https://firewallapi.asp-waf.com/?topic=html/Events.T-Walter.Web.FireWall.IFireWall.htm
     2. Add method for using custom IFireWall implementation using base class
     https://firewallapi.asp-waf.com/?topic=html/M-Walter.Web.FireWall.FireWallBase.-ctor.htm

     27 August 2020
     1. Update License test for machine name in URL allowing it as a valid local licensed domain as LocalHost
     2. Update documentation
     3. Save incidents to disk in clear json format making it easier to validate blocking incidents
     4. Show RuleId and ViolationId in Page if triggered and enabled

     26 August 2020
     1. Export FireWall base to the framework for custom implementation of IFireWall

     22 August 2020
     1. Alter default cookie names
     2. Set CRF token settings based on firewall settings
     3. update text report to associate fictitious user nr to incident details

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version History

Version Downloads Last updated