Alstra.ScanBlockPlugin 1.0.0

dotnet add package Alstra.ScanBlockPlugin --version 1.0.0
NuGet\Install-Package Alstra.ScanBlockPlugin -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="Alstra.ScanBlockPlugin" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
paket add Alstra.ScanBlockPlugin --version 1.0.0
#r "nuget: Alstra.ScanBlockPlugin, 1.0.0"
The #r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or the source code of the script to reference the package.
// Install Alstra.ScanBlockPlugin as a Cake Addin
#addin nuget:?package=Alstra.ScanBlockPlugin&version=1.0.0

// Install Alstra.ScanBlockPlugin as a Cake Tool
#tool nuget:?package=Alstra.ScanBlockPlugin&version=1.0.0

ScanBlocker Plugin

Overview

The ScanBlocker Plugin is a vulnerability scanner blocking plugin designed for ServiceStack.

It intercepts incoming HTTP requests to your ServiceStack services and analyzes them to determine whether they match known patterns used by vulnerability scanners.

Features

  • Automatic Detection: Automatically detects and blocks requests on paths used by vulnerability scanners.
  • Customizable: Allows customization of paths, keywords, allow lists, etc.

Installation

To install the ScanBlocker Plugin, add the following NuGet package to your project: Alstra.ScanBlocker

Usage

To use the ScanBlocker Plugin, register it in your ServiceStack AppHost:

public override void Configure(Container container)
{
    Plugins.Add(new ScanBlockerPlugin(new()
    {
        // Allow authenticated users to access the host score listing
        AllowHostScoreListing = request => (request.SessionAs<User>() is { IsAuthenticated: true }),
        // Skip scores for logged in users
        SkipHostScoringForRequest = request => (request.SessionAs<User>() is { IsAuthenticated: true }),
        // Skip scores for internal requests
        PermanentlyAllowedHosts = ["123.456.789.10", "example.com"],
        // Use a custom URL for viewing host scores
        HostScoreListingPath = "/host-scores", // defaults to "/scanblock/hosts"
        // Log requests that got a score. Can fire twice for a request if it hits both GlobalRequestFilters and CatchAllHandlers
        OnScoredRequest = (req, reason) => Log.Warning(reason),
        // Log blocked requests
        OnBlockedRequest = (request, reason) => Log.Warning(reason),
    }));
}

How it works

Here's a step-by-step breakdown of the process:

  1. Request Interception: The plugin intercepts each incoming HTTP request to your ServiceStack services using global request filters and catch-all handlers.
  2. Pattern Matching: It checks the request against a list of known paths, keywords, and other patterns commonly used by vulnerability scanners.
  3. Custom Rules: You can define custom rules to allow or block specific requests based on your application's requirements. This includes allowing authenticated users, skipping scores for logged-in users, and permanently allowing certain hosts.
  4. Scoring: The plugin maintains a score for each host (IP address) based on the requests it makes. The score is calculated over the last 7 days. Restarting the server (or calling ScanBlockerPlugin.ResetScores()) resets the scores. Only unique reasons per host per day are scored, so repeating the same probe on the same day does not raise the score further.
  5. Blocking: If a host's score over the last 7 days exceeds a configurable threshold, the plugin blocks further requests from that host by returning a ServiceUnavailable status. Once a host exceeds 100 points, it neither gains nor loses points and is blocked permanently.
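The scoring rules in steps 4 and 5 (rolling 7-day window, one point per unique reason per host per day, a configurable block threshold, a permanent block past 100 points, and allow-listed hosts that are never scored) as an added, self-contained model. This is illustration code, not the plugin's own implementation; the type and member names, the threshold value, the reason strings and the sample addresses are all assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added model of the scoring rules described above; not the plugin's own code.
// Type and member names, the threshold and the sample hosts are assumptions.
public sealed class HostScoreModel
{
    private const int WindowDays = 7, PermanentBlockPoints = 100;
    private readonly int _blockThreshold;
    private readonly HashSet<string> _allowedHosts;
    private readonly HashSet<string> _frozen = new();   // hosts past 100 points: blocked for good
    // host -> (day, reason) pairs, so one reason is scored once per host per day
    private readonly Dictionary<string, HashSet<(DateTime Day, string Reason)>> _hits = new();
    public HostScoreModel(int blockThreshold, IEnumerable<string> permanentlyAllowedHosts)
    {
        _blockThreshold = blockThreshold;
        _allowedHosts = new HashSet<string>(permanentlyAllowedHosts, StringComparer.OrdinalIgnoreCase);
    }
    // Score over the trailing 7-day window; hits older than that no longer count.
    public int Score(string host, DateTime today) =>
        _hits.TryGetValue(host, out var set)
            ? set.Count(h => (today.Date - h.Day).TotalDays < WindowDays) : 0;

    public bool IsBlocked(string host, DateTime today) =>
        !_allowedHosts.Contains(host) && (_frozen.Contains(host) || Score(host, today) > _blockThreshold);

    // Records one scanner-like request and reports whether the host is now blocked.
    public bool Record(string host, string reason, DateTime today)
    {
        if (_allowedHosts.Contains(host)) return false;      // allow list is never scored
        if (_frozen.Contains(host)) return true;             // permanent: neither gains nor loses points
        if (!_hits.TryGetValue(host, out var set)) _hits[host] = set = new();
        set.Add((today.Date, reason));                       // same reason on the same day is a no-op
        if (Score(host, today) > PermanentBlockPoints) _frozen.Add(host);
        return IsBlocked(host, today);
    }
    public void ResetScores() { _hits.Clear(); _frozen.Clear(); }   // what a server restart does
    public static void Main()
    {
        var model = new HostScoreModel(blockThreshold: 3, new[] { "10.0.0.5" });   // constructed values
        var day1 = new DateTime(2025, 1, 22);
        foreach (var p in new[] { "/.env", "/.env", "/wp-login.php", "/.git/config", "/phpmyadmin" })
            Console.WriteLine($"{p}: blocked={model.Record("203.0.113.7", "path:" + p, day1)}");
        Console.WriteLine($"score={model.Score("203.0.113.7", day1)}");          // duplicate /.env counted once
        Console.WriteLine($"8 days later: blocked={model.IsBlocked("203.0.113.7", day1.AddDays(8))}");
        Console.WriteLine($"allow-listed: blocked={model.Record("10.0.0.5", "path:/.env", day1)}");
    }
}
```

The run in Main shows the host crossing the threshold only on its fourth distinct reason, the score falling back to zero once the 7-day window has passed, and the allow-listed address never being scored at all.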

Compatibility

The ScanBlocker Plugin is compatible with ServiceStack 8.4+ and .NET Standard 2.1.

License

MIT

Compatible and computed target frameworks

Included in the package: .NET Standard netstandard2.1 (compatible).
Computed as compatible: .NET net5.0 through net9.0 (including the windows, android, ios, maccatalyst, macos, tvos and browser variants); .NET Core netcoreapp3.0 and netcoreapp3.1; MonoAndroid; MonoMac; MonoTouch; Tizen tizen60; Xamarin.iOS; Xamarin.Mac; Xamarin.TVOS; Xamarin.WatchOS.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
1.0.0 299 1/22/2025