adding examples and making modifications #1070
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
adding examples and making modifications
tdykstra
approved these changes
Oct 22, 2024
|
|
||
|  | ||
|
|
||
| Now when making request from browser: |
There was a problem hiding this comment.
Suggested change
| Now when making request from browser: | |
| Now when making a request from browser: |
|
|
||
| The “Allow” action configured above means that any IP address is okay to send requests and that the rules configured specify on which conditions these allowed IPs will be denied access. | ||
|
|
||
| As you noticed, site level config of “Allow” overridden IIS’s level “Deny”, and site's level config of “Forbidden” overridden IIS's level config of “Not Found”, and hence 403 status code was sent instead of 404. |
There was a problem hiding this comment.
Curly quotes (“”) should be changed to straight quotes (") throughout.
|
|
||
|  | ||
|
|
||
| Each colored line (example highlighted) represents the lifetime of one request. The rule specifies two conditions as you can see. This means that any condition that gets met first then the denial will be applied. The rule will allow only up to two requests within 200 msec, and any further requests within this timeframe will be denied. As can be seen, the third request was triggered almost 20 msec after the first one, meaning now we have more than two requests within the 200 msec frame and hence the third one will be denied, and so will be the 4th and 5th and 6th. |
There was a problem hiding this comment.
Suggested change
| Each colored line (example highlighted) represents the lifetime of one request. The rule specifies two conditions as you can see. This means that any condition that gets met first then the denial will be applied. The rule will allow only up to two requests within 200 msec, and any further requests within this timeframe will be denied. As can be seen, the third request was triggered almost 20 msec after the first one, meaning now we have more than two requests within the 200 msec frame and hence the third one will be denied, and so will be the 4th and 5th and 6th. | |
| Each colored line (example highlighted) represents the lifetime of one request. The rule specifies two conditions as you can see. This means that any condition that gets met first then the denial will be applied. The rule will allow only up to two requests within 200 msec, and any further requests within this timeframe will be denied. As can be seen, the third request was triggered almost 20 msec after the first one, meaning now we have more than two requests within the 200 msec frame and hence the third one will be denied, and so will the 4th and 5th and 6th. |
|
|
||
| 2024-07-22 14:17:48 ::1 GET /Content/bootstrap.min.css.map - 8090 - ::1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/126.0.0.0+Safari/537.36+Edg/126.0.0.0 - 403 502 0 0 | ||
|
|
||
| Http status code for denied requests in this example will be 403 and sub status code will be 502. This way you can tell the difference between normal Forbidden status code set by the application code and between the Forbidden set by the IIS IP Restrictions feature. |
There was a problem hiding this comment.
Suggested change
| Http status code for denied requests in this example will be 403 and sub status code will be 502. This way you can tell the difference between normal Forbidden status code set by the application code and between the Forbidden set by the IIS IP Restrictions feature. | |
| Http status code for denied requests in this example will be 403 and sub status code will be 502. This way you can tell the difference between normal Forbidden status code set by the application code and the Forbidden set by the IIS IP Restrictions feature. |
| 501 -> Dynamic IP Restriction: too many concurrent requests were made from the same client IP. | ||
| 502 -> Dynamic IP Restriction: the maximum number of requests from the same client IP within a specified time limit was reached. | ||
|
|
||
| Above codes are documented here: HTTP status code overview - Internet Information Services | Microsoft Learn |
There was a problem hiding this comment.
Suggested change
| Above codes are documented here: HTTP status code overview - Internet Information Services | Microsoft Learn | |
| The preceding codes are documented here: HTTP status code overview - Internet Information Services | Microsoft Learn |
It looks like this should be a link.
|
|
||
| ## Enable Logging Only Mode: | ||
|
|
||
| Now in case of “Enable Logging Only Mode” there will be no clients denied by this feature, meaning status code will be the expected result (normally 200 but it also depends on your application) and clients will receive the expected normal response, however, substatus code indicating that one of the two conditions was met will be logged in IIS logs. Below is an example: |
There was a problem hiding this comment.
Suggested change
| Now in case of “Enable Logging Only Mode” there will be no clients denied by this feature, meaning status code will be the expected result (normally 200 but it also depends on your application) and clients will receive the expected normal response, however, substatus code indicating that one of the two conditions was met will be logged in IIS logs. Below is an example: | |
| Now in the case of “Enable Logging Only Mode” there will be no clients denied by this feature, meaning the status code will be the expected result (normally 200 but it also depends on your application) and clients will receive the expected normal response, however, the substatus code indicating that one of the two conditions was met will be logged in IIS logs. Below is an example: |
tdykstra
reviewed
Oct 23, 2024
There was a problem hiding this comment.
For guidance on what screenshots should look like, see https://review.learn.microsoft.com/en-us/help/contribute/contribute-how-to-create-screenshot?branch=main
In particular, red outline boxes are prescribed for calling attention to a part of the image, rather than yellow highlighting. I wouldn't reject the PR on that basis, but it's worth knowing about for any screenshots created or edited in the future.
There was a problem hiding this comment.
It would be preferable to make the red arrow into the prescribed red outline box or a better arrow, and blackout using a rectangle rather than freeform hand-drawn black highlighting. image-3.png looks better in this respect, although to me it seems strange to call attention to a blacked out section of the screenshot.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
adding examples and making modifications