by Mike.Sheen » Sun Feb 17, 2019 5:19 pm
Hi Stuart,
Not out of the box - we certainly could add that but I think the best approach for hardening the API would be to stand up a proxy in front of it and leverage the years of battle-tested hardening that's gone into them - like Nginx.
This is the approach Microsoft has taken with the lightweight Kestrel HTTP server in ASP.NET Core - it's not trying to be anything but a lightweight HTTP server and the official guidance is to NOT front Kestrel to public internet-facing traffic, but put a hardened proxy in front.
If you want a quick and dirty solution, a request filter could be added via plugin to look at a whitelist or blacklist and refuse requests based on that - I've not done this but I think it would be a fairly easy plugin to do.
Let me know if you need that instead of the recommended proxy option.
Mike
Mike Sheen
Chief Software Engineer
Jiwa Financials
If I do answer your question to your satisfaction, please mark it as the post solving the topic so others with the same issue can readily identify the solution
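
Added example, not part of the original post and not Jiwa's own configuration: a minimal Nginx reverse proxy of the kind recommended above, with the allow/deny decision made at the proxy rather than in an API plugin. It assumes the whitelist is a list of client IP addresses; the hostname, certificate paths, backend port and all addresses (documentation ranges) are placeholders.

```nginx
# Constructed example: every name, path, port and address is a placeholder.
events {}

http {
    # Per-client request budget, keyed on the source address.
    limit_req_zone $binary_remote_addr zone=api_rl:10m rate=10r/s;

    upstream backend_api {
        # The API listens on loopback only, so the proxy is the sole entry point.
        server 127.0.0.1:8080;
    }

    server {
        listen 443 ssl;
        server_name api.example.com;

        ssl_certificate     /etc/nginx/tls/api.example.com.crt;
        ssl_certificate_key /etc/nginx/tls/api.example.com.key;
        ssl_protocols       TLSv1.2 TLSv1.3;

        server_tokens off;          # do not advertise the Nginx version
        client_max_body_size 1m;    # reject oversized request bodies early

        location / {
            # Whitelist: only these sources reach the API, everyone else gets 403.
            allow 203.0.113.0/24;
            allow 198.51.100.17;
            deny  all;

            # Absorb short bursts, throttle sustained floods.
            limit_req zone=api_rl burst=20 nodelay;

            proxy_pass http://backend_api;
            proxy_set_header Host              $host;
            proxy_set_header X-Real-IP         $remote_addr;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```

The allow list only holds if the API port itself is unreachable from outside the host; otherwise clients can bypass the proxy and its rules.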