IIS
Before the regular IIS process starts, the module makes a call to the DataDome API using a KeepAlive connection.
Depending on the API response, the module will either block the query or let the IIS proceed with the regular process.
The module has been developed to protect the users' experience: if any errors were to occur during the process or if the timeout is reached, the module will automatically disable its blocking process and allow those hits.
Compatibility
This module is compatible with .NET Framework 3.5 or later and can be executed using any web server with support for ASP.NET HTTP Modules (e.g. IIS 6+, IIS Express, XSP, Apache with mod_mono).
DataDome integration has been successfully tested on Azure VM and Azure WebApp.
Prerequisites
In order for DataDome to run, the following features should be installed on the IIS server:
- ASP.net
- HTTP Activation
- ISAPI
Installation
DataDome supports for integrating with IIS:
- System.web installation: Module System.web
Settings
| Settings | Description | Default |
|---|---|---|
| dome:domain | API endpoint URL Available endpoints | api.datadome.co |
| dome:protocol | API endpoint protocol | https |
| dome:pattern | Regular expression to include URLs | N/A |
| dome:exclusion-pattern | Regular expression to exclude URLs | exclude static assets see below |
| dome:license | License key to access the API | |
| dome:timeout | API connection timeout (in milliseconds) | 150 |
| dome:processIPs | Only process requests that are from selected IP addresses over the API server. This is a comma-separated list of IPv4. CIDR notation is accepted. By default, the value includes blank addresses, similar to 0.0.0.0/0,::/0 | N/A |
| dome:skipIPs | Do not send requests coming from specified IP addresses to the API server. This is a comma-separated list of IPv4. CIDR notation is accepted. By default, the value is blank, meaning there are no addresses to skip. |
\.(avi|avif|bmp|css|eot|flac|flv|gif|gz|ico|jpeg|jpg|js|json|less|map|mka|mkv|mov|mp3|mp4|mpeg|mpg|ogg|ogm|opus|otf|png|svg|svgz|swf|ttf|wav|webm|webp|woff|woff2|xml|zip)$
Regular expression
Both parameters
dome:patternanddome:exclusion-patterndo not use query string parameters
Below is an example configuration to exclude some images extension from module protection:
<add key="dome:exclusion-pattern" value="\.(gif|ico|jpg|png)$" />
Upgrading the module
Upgrading to 3+
Starting with version 3.0.0,
dome:exclusion-patternupdated
Considering the following URL: schema://subdomain.domain.com/path
- For versions up to 2.19.0,
dome:exclusion-patternsupported only thepathexclusion. - Versions 3.0.0 and above support full
URLexclusion.
When upgrading, make sure you validate your exclusion pattern to match accordingly.
FAQ
Can I upgrade the module?
To upgrade the DataDome Module you need to add the new .dll file in your bin folder.
Caution: if you upgrade from a version older than 2.3, you need to change some of the settings' names.
How to configure custom HTTP Errors with DataDome IIS module?
The DataDome Module is compatible with httpError. The <httpErrors> element allows custom error configuration messages for the Web site or application.
- To be able to render our challenge, set
existingResponse="Auto":
<httpErrors errorMode="Custom" defaultResponseMode="ExecuteURL" existingResponse="Auto">
Can I get Bot Name, Bot Type and Bot/Human flags in my application?
The DataDome module inject headers in the HTTP request that can be read by IIS. You can find more information here.
Pré-requis :
- Server role Web Server (IIS)-> Web Server -> Common HTTP Features-> Health and diagnostics -> Custom Logging need to be installed
- Open Internet Information Services (IIS)
- Click on Logging
- Click on Select Fields
- For each fields, you want to log, add a new line with :
- Source Type : Request Header
- Source: Log enrichment header (
X-DataDome-isbotfor instance) - Log Field: Same of Source (
X-DataDome-isbotfor instance)
- Click on Ok. The configuration is applied directly without a need to restart IIS.
How can I activate debug logs?
You can configure tracing by editing the application's configuration Web.config file. Below is a sample of an edited Web.config.
For more information on these settings, refer to the following documentation.
<configuration>
[...]
<system.diagnostics>
<trace autoflush="true" />
<sources>
<source name="DataDome" switchValue="Information">
<listeners>
<add
name="FileLog"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="/PATH/DataDome.log"
traceOutputOptions="DateTime"
/>
</listeners>
</source>
</sources>
</system.diagnostics>
</configuration>
How can I enable HTML tracing?
Caution: This setting should be applied in the development environment only
The application has its own trace mode. The request's information is rendered to the HTML output. It can be enabled through the below setting:
<configuration>
[...]
<appSettings>
[...]
<add key="dome:trace" value="true" />
</appSettings>
</configuration>
How can I use a proxy?
The module can send the request through your proxy server. This can be enabled by specifying the proxy address in the Web.config file.
For more information on these settings, refer to the following documentation.
<configuration>
[...]
<system.net>
[...]
<defaultProxy>
<proxy proxyaddress="http://192.168.1.10:3128" />
</defaultProxy>
</system.net>
</configuration>
Updated about 2 months ago