IIS (ASP.Net)

DataDome IIS module detects and protects against bot activity.

Before the regular IIS process starts, the module makes a call to the DataDome API using a KeepAlive connection.
Depending on the API response, the module will either block the query or let the IIS proceed with the regular process.
The module has been developed to protect the users' experience: if any errors were to occur during the process or if the timeout is reached, the module will automatically disable its blocking process and allow those hits.

Compatibility

This module is compatible with .NET Framework 3.5 or later and can be executed using any web server with support for ASP.NET HTTP Modules (e.g. IIS 6+, IIS Express, XSP, Apache with mod_mono).

DataDome integration has been successfully tested on Azure VM and Azure WebApp.

Prerequisites

In order for DataDome to run, the following features should be installed on the IIS server:

  • ASP.net
  • HTTP Activation
  • ISAPI

Installation

DataDome support 2 interfaces for integrating with IIS:

Settings

SettingsDescriptionDefault
dome:domainAPI endpoint URL
Available endpoints
api.datadome.co
dome:protocolAPI endpoint protocolhttp
dome:patternRegular expression to include URLs N/A
dome:exclusion-patternRegular expression to exclude URLsexclude static assets see below
dome:licenseLicense key to access the API
dome:timeoutAPI connection timeout (in milliseconds)100
dome:processIPsOnly process requests that are from selected IP addresses over the API server.

This is a comma-separated list of IPv4. CIDR notation is accepted.

By default, the value includes blank addresses, similar to 0.0.0.0/0,::/0
N/A
dome:skipIPsDo not send requests coming from specified IP addresses to the API server.

This is a comma-separated list of IPv4. CIDR notation is accepted.

By default, the value is blank, meaning there are no addresses to skip.
\\.(avi|flv|mka|mkv|mov|mp4|mpeg|mpg|mp3|flac|ogg|ogm|opus|wav|webm|webp|bmp|gif|ico|jpeg|jpg|png|svg|svgz|swf|eot|otf|ttf|woff|woff2|css|less|js)$

πŸ“˜

Regular expression

Both parameters dome:pattern and dome:exclusion-pattern do not use query string parameters

Below is an example configuration to exclude some images extension from module protection:

<add key="dome:exclusion-pattern" value="\.(gif|ico|jpg|png)$" />

Upgrading the module

Upgrading to 3+

🚧

Starting with version 3.0.0, dome:exclusion-pattern updated

Considering the following URL: schema://subdomain.domain.com/path

  • For versions up to 2.19.0, dome:exclusion-pattern supported only the path exclusion.
  • Versions 3.0.0 and above support full URL exclusion.

When upgrading, make sure you validate your exclusion pattern to match accordingly.

FAQ

Can I upgrade the module?

To upgrade the DataDome Module you need to add the new .dll file in your bin folder.
Caution: if you upgrade from a version older than 2.3, you need to change some of the settings' names.

Can I get Bot Name, Bot Type and Bot/Human flags in my application?

DataDome module can inject headers in the HTTP request that can be read by your application.
For IIS, check if "Server roles -> Web Server (IIS)-> Web Server -> Common HTTP Features-> Health and diagnostics-> Custom logging" is enabled.
You can find more information here.

How can I activate debug logs?

You can configure tracing by editing the application's configuration Web.config file. Below is a sample of an edited Web.config.
For more information on these settings, refer to the following documentation.

<configuration>
	[...]
	<system.diagnostics>
		<trace autoflush="true" /> 
		<sources>
			<source name="DataDome" switchValue="Information">
				<listeners>
					<add
						name="FileLog"
						type="System.Diagnostics.TextWriterTraceListener"
						initializeData="/PATH/DataDome.log"
						traceOutputOptions="DateTime"
					/>
				</listeners>
			</source>
		</sources>
	</system.diagnostics>
</configuration>

How can I enable HTML tracing?

Caution: This setting should be applied in the development environment only

The application has its own trace mode. The request's information is rendered to the HTML output. It can be enabled through the below setting:

<configuration>
	[...]
	<appSettings>
		[...]
		<add key="dome:trace" value="true" />
	</appSettings>
</configuration>

How can I use a proxy?

The module can send the request through your proxy server. This can be enabled by specifying the proxy address in the Web.config file.
For more information on these settings, refer to the following documentation.

<configuration>  
	[...]
  <system.net>  
	[...]
    <defaultProxy>  
      <proxy proxyaddress="http://192.168.1.10:3128" />  
    </defaultProxy>  
  </system.net>  
</configuration>