Switched to using a common package for filtering

Author: kenkendk

DuplicatiIngress.csproj

@@ -23,6 +23,8 @@
     <PackageReference Include="SharpAESCrypt" Version="2.0.2" />
     <PackageReference Include="UuidExtensions" Version="1.2.0" />
     <PackageReference Include="RobotsTxtCore" Version="3.0.0" />
+
+      <PackageReference Include="SimpleSecurityFilter" Version="1.0.2" />
   </ItemGroup>
 
 </Project>

Program.cs

@@ -27,6 +27,7 @@
 using Serilog;
 using Serilog.Core;
 using Serilog.Events;
+using SimpleSecurityFilter;
 
 var builder = WebApplication.CreateBuilder(args);
 
@@ -85,6 +86,9 @@
 
 builder.Services.AddHttpContextAccessor();
 
+var securityconfig = builder.Configuration.GetSection("Security").Get<SimpleSecurityOptions>();
+builder.AddSimpleSecurityFilter(securityconfig, msg => Log.Warning(msg));
+
 // Load encryption keys
 var encryptionKeys = builder.Configuration.GetSection("EncryptionKey")
     .GetChildren()
@@ -164,7 +168,7 @@
     };
 });
 
-app.UseSecurityFilter();
+app.UseSimpleSecurityFilter(securityconfig);
 
 app.MapPost("/backupreports/{token}",
     async ([FromServices] IngressHandler handler, [FromRoute] string token, CancellationToken ct) =>

README.md

@@ -36,14 +36,17 @@ The ingress server is intended to have very few moving parts and generally just
 
 The following environment variables are optional, and should be considered for a production deployment:
 
-| Variable                         | Description                                                                   |
-| -------------------------------- | ----------------------------------------------------------------------------- |
-| ENVIRONMENT\_\_HOSTNAME          | The server hostname for logging purposes                                      |
-| ENVIRONMENT\_\_MACHINENAME       | Name of the machine for logging purposes                                      |
-| ENVIRONMENT\_\_REDIRECTURL       | Url to redirect to when visiting the root path                                |
-| PRECONFIGUREDTOKENS\_\_STORAGE   | The KVPSButter connection string to the storage that contains an IP blacklist |
-| PRECONFIGUREDTOKENS\_\_WHITELIST | The key that contains the IP blacklist                                        |
-| PRECONFIGUREDTOKENS\_\_BLACKLIST | The key that contains the IP blacklist                                        |
+| Variable                              | Description                                                                    |
+| ------------------------------------- | ------------------------------------------------------------------------------ |
+| ENVIRONMENT\_\_HOSTNAME               | The server hostname for logging purposes                                       |
+| ENVIRONMENT\_\_MACHINENAME            | Name of the machine for logging purposes                                       |
+| ENVIRONMENT\_\_REDIRECTURL            | Url to redirect to when visiting the root path                                 |
+| PRECONFIGUREDTOKENS\_\_STORAGE        | The KVPSButter connection string to the storage that contains an IP blacklist  |
+| PRECONFIGUREDTOKENS\_\_WHITELIST      | The key that contains the IP blacklist                                         |
+| PRECONFIGUREDTOKENS\_\_BLACKLIST      | The key that contains the IP blacklist                                         |
+| SECURITY\_\_MAXREQUESTSPERSECONDPERIP | The maximum number of request from a single IP per second before throttling it |
+| SECURITY\_\_FILTERPATTERNS            | Boolean toggling filtering of scanning patterns                                |
+| SECURITY\_\_RATELIMITENABLED          | Boolean toggling if IP rate limiting is enabled                                |
 
 ## Setting Up Local Development Environment