IIS (ASP.Net)
DataDome IIS module detects and protects against bot activity.
Before the regular IIS process starts, the module makes a call to the DataDome API using a KeepAlive connection.
Depending on the API response, the module will either block the query or let the IIS proceed with the regular process.
The module has been developed to protect the users' experience: if any errors were to occur during the process or if the timeout is reached, the module will automatically disable its blocking process and allow those hits.
Compatibility
This module is compatible with .NET Framework 3.5 or later and can be executed using any web server with support for ASP.NET HTTP Modules (e.g. IIS 6+, IIS Express, XSP, Apache with mod_mono).
DataDome integration has been successfully tested on Azure VM and Azure WebApp.
Prerequisites
In order for DataDome to run, the following features should be installed on the IIS server:
- ASP.net
- HTTP Activation
- ISAPI
Installation
DataDome support 2 interfaces for integrating with IIS:
- System.web installation (Recommended): Module System.web
- OWIN (Open Web Interface for .Net): Module Owin
Settings
Settings | Description | Default |
---|---|---|
dome:domain | API endpoint URL Available endpoints | api.datadome.co |
dome:protocol | API endpoint protocol | http |
dome:pattern | Regular expression to include URLs | N/A |
dome:exclusion-pattern | Regular expression to exclude URLs | exclude static assets |
dome:license | License key to access the API | |
dome:timeout | API connection timeout (in milliseconds) | 100 |
dome:processIPs | Only process requests that are from selected IP addresses over the API server. This is a comma-separated list of IPv4. CIDR notation is accepted. By default, the value includes blank addresses, similar to 0.0.0.0/0,::/0 | N/A |
dome:skipIPs | Do not send requests coming from specified IP addresses to the API server. This is a comma-separated list of IPv4. CIDR notation is accepted. By default, the value is blank, meaning there are no addresses to skip. |
Regular expression
Both parameters
dome:pattern
anddome:exclusion-pattern
do not use query string parameters
Upgrading the module
Upgrading to 3+
Starting with version 3.0.0,
dome:exclusion- pattern
updated
Considering the following URL: schema://subdomain.domain.com/path
- For versions up to 2.19.0,
dome:exclusion-pattern
supported only thepath
exclusion. - Versions 3.0.0 and above support full
URL
exclusion.
When upgrading, make sure you validate your exclusion pattern to match accordingly.
FAQ
Can I upgrade the module?
To upgrade the DataDome Module you need to add the new .dll file in your bin folder.
Caution: if you upgrade from a version older than 2.3, you need to change some of the settings' names.
Can I get Bot Name, Bot Type and Bot/Human flags in my application?
DataDome module can inject headers in the HTTP request that can be read by your application.
For IIS, check if "Server roles -> Web Server (IIS)-> Web Server -> Common HTTP Features-> Health and diagnostics-> Custom logging" is enabled.
You can find more information here.
How can I activate debug logs?
You can configure tracing by editing the application's configuration Web.config
file. Below is a sample of an edited Web.config
.
For more information on these settings, refer to the following documentation.
<configuration>
[...]
<system.diagnostics>
<trace autoflush="true" />
<sources>
<source name="DataDome" switchValue="Information">
<listeners>
<add
name="FileLog"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="/PATH/DataDome.log"
traceOutputOptions="DateTime"
/>
</listeners>
</source>
</sources>
</system.diagnostics>
</configuration>
How can I enable HTML tracing?
Caution: This setting should be applied in the development environment only
The application has its own trace mode. The request's information is rendered to the HTML output. It can be enabled through the below setting:
<configuration>
[...]
<appSettings>
[...]
<add key="dome:trace" value="true" />
</appSettings>
</configuration>
How can I use a proxy?
The module can send the request through your proxy server. This can be enabled by specifying the proxy address in the Web.config
file.
For more information on these settings, refer to the following documentation.
<configuration>
[...]
<system.net>
[...]
<defaultProxy>
<proxy proxyaddress="http://192.168.1.10:3128" />
</defaultProxy>
</system.net>
</configuration>
Updated about 1 month ago