IIS (ASP.Net)

DataDome IIS module detects and protects against bot activity.

Before the regular IIS process starts, the module makes a call to the DataDome API using a KeepAlive connection.
Depending on the API response, the module will either block the query or let the IIS proceed with the regular process.
The module has been developed to protect the users' experience: if any errors were to occur during the process or if the timeout is reached, the module will automatically disable its blocking process and allow those hits.

Compatibility

This module is compatible with .NET Framework 3.5 or later and can be executed using any web server with support for ASP.NET HTTP Modules (e.g. IIS 6+, IIS Express, XSP, Apache with mod_mono).

DataDome integration has been successfully tested on Azure VM and Azure WebApp.

Prerequisites

In order for DataDome to run, the following features should be installed on the IIS server:

  • ASP.net
  • HTTP Activation
  • ISAPI

Installation

DataDome support 2 interfaces for integrating with IIS:

Settings

SettingsDescriptionDefault
dome:domainAPI endpoint URL
Available endpoints
api.datadome.co
dome:protocolAPI endpoint protocolhttp
dome:patternRegular expression to include URLs N/A
dome:exclusion-patternRegular expression to exclude URLs (exclude static asset)exclude static assets
dome:licenseLicense key to access the API
dome:timeoutAPI connection timeout (in milliseconds)100
dome:processIPsOnly process requests that are from selected IP addresses over the API server. This is a comma separated list of IPv4 or IPv6 networks. By default, the value includes blank addresses, similar to 0.0.0.0/0,::/0N/A
dome:skipIPsDo not send requests incoming from specified IPv4 or IPv6 networks to the API server. By default, the value is blank, meaning there are no addresses to skip.

📘

Regular expression

Both parameters dome:pattern and dome:exclusion-pattern does not use query string parameters

FAQ

Can I upgrade the module?

To upgrade the DataDome Module you need to add the new .dll file in your bin folder.
Caution: if you upgrade from a version older than 2.3, you need to change some of the settings' names.

Can I get Bot Name, Bot Type and Bot/Human flags in my application?

DataDome module can inject headers in the HTTP request that can be read by your application.
For IIS, check if "Server roles -> Web Server (IIS)-> Web Server -> Common HTTP Features-> Health and diagnostics-> Custom logging" is enabled.
You can find more information here.

How can I activate debug logs?

You can configure tracing by editing the application's configuration Web.config file. Below is a sample of an edited Web.config.
For more information on these settings, refer to the following documentation.

<configuration>
    [...]
    <system.diagnostics>
        <trace autoflush="true" /> 
        <sources>
            <source name="DataDome" switchValue="Information">
                <listeners>
                    <add
                        name="FileLog"
                        type="System.Diagnostics.TextWriterTraceListener"
                        initializeData="/PATH/DataDome.log"
                        traceOutputOptions="DateTime"
                    />
                </listeners>
            </source>
        </sources>
    </system.diagnostics>
</configuration>

How can I enable HTML tracing?

Caution: This setting should be applied in the development environment only

The application has its own trace mode. The request's information is rendered to the HTML output. It can be enabled through the below setting:

<configuration>
    [...]
    <appSettings>
        [...]
        <add key="dome:trace" value="true" />
    </appSettings>
</configuration>

How can I use a proxy?

The module can send the request through your proxy server. This can be enabled by specifying the proxy address in the Web.config file.
For more information on these settings, refer to the following documentation.

<configuration>  
    [...]
  <system.net>  
    [...]
    <defaultProxy>  
      <proxy proxyaddress="http://192.168.1.10:3128" />  
    </defaultProxy>  
  </system.net>  
</configuration>