Abort any POST VERB operation in IIS

Question

My site is getting DOS attack with POST VERB, my site is a static site and I am trying to stop any POST action on the home page.

I had the URL Rewrite installed on my server, so I am trying to write rule to abort POST on homepage, but it is not working. Any other ideas to stop the POST on the homepage alone?

<rewrite>
<rules>
    <rule name="Remove Home Page Post">
    <match url="/default.aspx" />
        <conditions>
            <add input="{HTTP_METHOD}" pattern="post" />
        </conditions>
        <action type="AbortRequest" />
    </rule>

</rules>
 </rewrite>

score 1 · Answer 1 · edited Apr 13 '17 at 12:14

1

A POST flood is overwhelming your IIS stack, so nothing application-level will stop it. What you need is rate-limiting. See Rate Limit Packets with Windows Firewall 2008? for a reference.

edited Apr 13 '17 at 12:14

Community

1

answered May 15 '13 at 18:03

Nathan C

14,901
4
42
62

Abort any POST VERB operation in IIS

1 Answers1