Customers who sign-up prior to 30/06/2024 get unlimited access to free features, newer features (with some restrictions), but for free for at least 1 year.Sign up now! https://webveta.alightservices.com/

Month: July 2023

Categories
Apache Security

ASP.Net MVC Core on Apache and more

Apache webserver is very popular web server, NGinx is also popular. I have used NGinx in the past as a proxy for ASP.Net MVC Core web applications that were developed by me – SimplePass, PodDB, WebVeta.

I have used Apache in some situations such as self-hosted Grafana and planning to use for self-hosted Jenkins. Apache is very customizable with plugins.

In the self-hosted Grafana use-case, I wanted MFA authentication, I have used auth_openidc module of Apache for adding a security layer. Now, my Google login is protected by YubiKey Bio – Biometric Authentication MFA and by using this technique, my Grafana instance has been protected with the same level of biometric authentication.

auth_openidc

A quickstart on how to use auth_openidc is available at: https://auth0.com/docs/quickstart/webapp/apache/01-login

When running ASP.Net core applications, NGinx / Apache or any other web server that can act as a proxy can forward requests to Kestrel server (usually port 5000, but configurable).

<VirtualHost *:*>
    RequestHeader set "X-Forwarded-Proto" expr=%{REQUEST_SCHEME}s
</VirtualHost>

<VirtualHost *:80>
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:5000/
    ProxyPassReverse / http://127.0.0.1:5000/
    ServerName www.domain.com
    ServerAlias *.domain.com
    ErrorLog ${APACHE_LOG_DIR}/app-error.log
    CustomLog ${APACHE_LOG_DIR}/app-access.log common
</VirtualHost>

Here are a list of interesting Apache modules, I personally have not used these yet, but thought are very interesting.

ModSecurity: WAF (Web Application Firewall)

mod_alias – Provides for mapping different parts of the host filesystem in the document tree and for URL redirection
mod_allowmethods – Easily restrict what HTTP methods can be used on the server
mod_cache – RFC 2616 compliant HTTP caching filter.
mod_evasive – Evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. Also designed to be a detection and network management tool.
mod_file_cache – Caches a static list of files in memory
mod_headers – Customization of HTTP request and response headers
mod_honeypot – Blocks requests from IP addresses blacklisted by Project Honey Pot.
mod_http2 – Support for the HTTP/2 transport layer
mod_ipblock – CIDR-based IPv4 address blocking.
mod_log_config – Logging of the requests made to the server.
mod_log_debug – Additional configurable debug logging
mod_log_forensic – Forensic Logging of the requests made to the server
mod_logio – Logging of input and output bytes per request

mod_ratelimit – Bandwidth Rate Limiting for Clients

The above list is NOT exhaustive, but definitely helpful for web server defense, forensic logging etc… I plan to use some of these in the future.

References:

https://en.wikipedia.org/wiki/List_of_Apache_modules

https://httpd.apache.org/docs/2.4/mod/

https://auth0.com/docs/quickstart/webapp/apache/01-login

https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-apache?view=aspnetcore-7.0

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.

Categories
.Net C#

Polly library for writing resilient .Net code

Polly is a .Net library for writing resilient .Net code. The library can be found at: https://github.com/App-vNext/Polly.

Most of yesterday and this morning, I have been playing around with this library and found the library very useful.

When we develop modern web applications, we consume various services such as internal or 3rd party REST / SOAP / gRPC services. Sometimes, the 3rd party service might be intermittently unavailable. Polly allows a fluid way of re-writing resilient code.

There are several different policies available in Polly, but I liked Retry, Timeout, RateLimit, Cache, PolicyWrap.

The extensive documentation is very well-written and thanks to the 70 contributors who have put in effort for making a perfectly useful library and extensive documentation.

The retry policy, allows retrying multiple times, we can even specify how many times to retry, how long to wait before each retry etc…

Getting started code:

var retryThricePolicy = Policy.Handle<Exception>().Retry(2);

retryThricePolicy.Execute(() => {
      DoSomething()
   }
);

In the above code, we defined a policy to retry two more times if an Exception is thrown, we are not introducing any delay – not recommended for Production, because we want to use Exponential Backoff strategy.

The next line of code we are using the policy to execute the method DoSomething. In reality, we can have few more lines of code.

For introducing delay instead of Retry, we can use WaitAndRetry().

Timeout() is for handling timeouts.

Cache() for write-through caching strategy.

RateLimit for handling rate limits i.e x number of request per second or per minute etc…

PolicyWrap for a combination of policies.

Carefully by observing and implementing this pattern, lot of routine boiler plate code can be removed and code can be made more consistent.

I might make another blog post in the future on the usage of Func, Action and how Polly type of code can be written, and how some routine boiler plate code can be avoided.

For example, look at the following code:

try
{
   DoSomething();
   DoSomethingElse();
}
catch(Exception e)
{
   logger.Error(message, e);
}

Instead we can implement something like this:

public static void Invoke(Action action, bool reThrow = false)
{
   try {
      action();
   }
   catch (Exception e) {
      logger.LogError(e);
      if (reThrow) throw;
   }
}

Now the code can be something like:

Invoke(() => {
   DoSomething();
   DoSomethingElse();
});

For 2 lines of code, we wrote some boiler code and ended up with 9 lines of code i.e 7 lines of overhead code.

By using a Invoke() helper method, the overhead has been significantly reduced.

This pattern can be used in several situations.

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.

Categories
.Net C#

Easily send alerts to Slack channel using C# and Incoming WebHooks Custom Integration

In this blog post, I am going to show a very simple example of how to send alerts to a Slack channel using C#.

Add a custom integration in Slack, search for Incoming WebHooks and add the custom integration. Make a note of the URL and as much as possible, consider the URL like sensitive information and store in a secret location, the reason – anyone can start sending fake messages / spam. But that’s beyond the scope of the article.

Now let’s look at some C# code:

public class Message
{
    [JsonProperty("text")]
    public string Text { get; set; }
}

In the above code, we have defined a class called Message, with a property known as Text for holding the message.

var url = "https://hooks.slack.com/services/xxx/xxxx/xxxx";
var message = new Message { Text = "Hello!" };

using (WebClient client = new WebClient())
{
    NameValueCollection data = new NameValueCollection();
    data["payload"] = JsonConvert.SerializeObject(payload);

    var response = client.UploadValues(url, "POST", data);
}

Very simple and easy to use. As part of the plan to stabilize and prepare for the production launch of WebVeta, I have been reviewing some security measures and alerts, which are developed and implemented by me at my own startup(s) – ALight Technology And Services Limited and ALight Technologies USA Inc. While reviewing I found some possible security lapses and wanted to close / minimize the security risks and implement some additional internal custom-built intrusion monitoring, alerting, preventing system. Apart from emails, I though of adding Slack and Slack integration seems very simple and straightforward.

Mr. Kanti Kalyan Arumilli

Arumilli Kanti Kalyan, Founder & CEO
Arumilli Kanti Kalyan, Founder & CEO

B.Tech, M.B.A

Facebook

LinkedIn

Threads

Instagram

Youtube

Founder & CEO, Lead Full-Stack .Net developer

ALight Technology And Services Limited

ALight Technologies USA Inc

Youtube

Facebook

LinkedIn

Phone / SMS / WhatsApp on the following 3 numbers:

+91-789-362-6688, +1-480-347-6849, +44-07718-273-964

+44-33-3303-1284 (Preferred number if calling from U.K, No WhatsApp)

kantikalyan@gmail.com, kantikalyan@outlook.com, admin@alightservices.com, kantikalyan.arumilli@alightservices.com, KArumilli2020@student.hult.edu, KantiKArumilli@outlook.com and 3 more rarely used email addresses – hardly once or twice a year.