ASP.Net Core
DataDome .NET Core module detects and protects against bot activity.
Datadome ASP.Net Core module is a middleware you need to assemble into your app pipeline before your internal processing to handle bot requests detection. It will makes a call to the DataDome API using a KeepAlive connection.
Depending on the API response, the module will either stop the pipeline and so block the query or let the request goes to your own middleware.
The module has been developed to protect the users' experience: if any errors were to occur during the process or if the timeout is reached, the module will automatically disable its blocking process and allow those hits.
Compatibility
The DataDome module supports the following versions / runtimes :
- .NET 6.0 LTS+
- Azure App Services
The module must be allowed do external https requests towards Datadome API endpoint.
Installation
Get the module
This module is available as a NuGet package.
PM> Install-Package Datadome.AspNetCore
Update your pipeline
Load Datadome module configuration (File Startup.cs)
using DataDome.Configuration;
public void ConfigureServices(IServiceCollection services)
{
...
services.Configure<DataDomeConfig>(Configuration.GetSection("DataDomeConfiguration"));
}
Add Datadome module at the beginning of your pipeline (File Startup.cs)
using DataDome;
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseDataDome();
...
}
Add Datadome module configuration
You might use a appsettings.json file to handle your process configuration. Please add a dedicated DataDomeConfiguration section for the module configuration
{
...
"DataDomeConfiguration": {
"ApiDomain": "api.datadome.co",
"LicenseKey": "...you secret license key...",
"ApiProtocol": "https",
...
},
...
}
Settings
Settings | Description | Default |
---|---|---|
ApiDomain | API endpoint URL Available endpoints | api.datadome.co |
ApiProtocol | API endpoint protocol | http |
Pattern | Regular expression to include URLs | N/A |
ExclusionPattern | Regular expression to exclude URLs (exclude static asset) | .*\.(avi|flv|mka|mkv|mov|mp4|mpeg|mpg|mp3|flac|ogg|ogm|opus|wav|webm|webp|bmp|gif|ico|jpeg|jpg|png|svg|svgz|swf|eot|otf|ttf|woff|woff2|css|less|js)($|\?) |
LicenseKey | License key to access the API | |
Timeout | API connection timeout (in milliseconds) | 100 |
ProcessIPs | Only process requests that are from selected IP addresses over the API server. This is a comma separated list of IPv4 or IPv6 networks. By default, the value includes blank addresses, similar to 0.0.0.0/0,::/0 | N/A |
SkipIPs | Do not send requests incoming from specified IPv4 or IPv6 networks to the API server. By default, the value is blank, meaning there are no addresses to skip. | |
ConnectionLimit | Limit the amount of open TCP connections. | 1000 |
ParallelConnectionLimit | Limit the amount of concurrent requests sent to DataDome's validation API. | 2000 |
ProxyServer | Your proxy server | N/A |
ProxyPort | Your proxy port | N/A |
Note: Using the DataDome module with outbound proxy can slower total time spent calling the DataDome API and increase timeouts. Please adjust timeout settings accordingly.
FAQ
Do you provide a demo?
We provide a Dockerfile with the set up and the configuration to help you to integrate DataDome.
How can I activate debug logs?
Datadome middleware is using the logger injected by your pipeline.
You can configure tracing by editing the application's configuration. Example of a logging section:
{
...
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft": "Warning",
"Microsoft.Hosting.Lifetime": "Information"
},
"Console": {
"LogLevel": {
"DataDome": "Trace"
},
"FormatterName": "simple",
"FormatterOptions": {
"SingleLine": true,
"IncludeScopes": true,
"TimestampFormat": "dd/MM/yyyy HH:mm:ss.fff ",
"UseUtcTimestamp": true
}
}
},
...
}
How can I use CSP nonce?
The HTTP Content-Security-Policy (CSP) script-src directive specifies valid sources for JavaScript.
If you are using this feature, you should add to the context.Items
dictionary the key cspNonce
with the value that you generate for each request. Our code is going to inject the value in our html response:
app.Use(async (context, next) =>
{
context.Items["cspNonce"] = "YourCspNonceGeneratedValue";
// ...
await next(context);
});
app.UseDataDome();
Updated 2 days ago