How to protect a service against denial of service attacks

J.D. Meier, Jason Taylor, Prashant Bansode, Carlos Farre, Madhu Sundararajan, Steve Gregersen.

Protect against denial of service attacks by limiting message sizes and by using quotas to restrict the memory WCF consumes.

Restrict the size of messages that WCF will process with the maxReceivedMessageSize attribute on the binding:
<binding name="wsHttpEndpointBindingconfig"
         maxReceivedMessageSize="65535">
  <security>
    <message negotiateServiceCredential="false" />
  </security>
</binding>

Restrict the size of the buffer pool used by WCF with the maxBufferPoolSize attribute on the binding:
<binding name="wsHttpEndpointBindingconfig" maxBufferPoolSize="524287"
         maxReceivedMessageSize="65535">
  <security>
    <message negotiateServiceCredential="false" />
  </security>
</binding>

In streaming scenarios, use the reader quotas to limit the size of arrays with maxArrayLength, the length of string content in XML elements with maxStringContentLength, the maximum nesting depth of XML nodes with maxDepth, the maximum number of bytes to be read with maxBytesPerRead, and the maximum number of characters in the name table with maxNameTableCharCount:
<basicHttpBinding>
  <binding name="BasicBindingConfiguration">
    <readerQuotas maxDepth="2" maxStringContentLength="200" maxArrayLength="2000"
                  maxBytesPerRead="1000" maxNameTableCharCount="1000" />
    <security mode="Transport">
      <transport clientCredentialType="None" />
    </security>
  </binding>
</basicHttpBinding>
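
A configuration check for the three settings above, added here as an example and not part of the original guidance: it parses a web.config-style file and reports every binding whose size limits or reader quotas are missing, malformed, or above a ceiling. The ceilings reuse this page's values as an assumed policy; the sample configuration, the LooseBinding name and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed policy: ceilings copied from the values shown on this page.
BINDING_LIMITS = {"maxReceivedMessageSize": 65535, "maxBufferPoolSize": 524287}
READER_LIMITS = {"maxDepth": 2, "maxStringContentLength": 200, "maxArrayLength": 2000,
                 "maxBytesPerRead": 1000, "maxNameTableCharCount": 1000}

# Constructed sample configuration, not taken from a real service.
SAMPLE_CONFIG = """<configuration><system.serviceModel><bindings>
  <wsHttpBinding>
    <binding name="wsHttpEndpointBindingconfig" maxBufferPoolSize="524287"
             maxReceivedMessageSize="65535">
      <readerQuotas maxDepth="2" maxStringContentLength="200" maxArrayLength="2000"
                    maxBytesPerRead="1000" maxNameTableCharCount="1000" />
    </binding>
  </wsHttpBinding>
  <basicHttpBinding>
    <binding name="LooseBinding" maxReceivedMessageSize="2147483647">
      <readerQuotas maxStringContentLength="2147483647" maxArrayLength="oops" />
    </binding>
  </basicHttpBinding>
</bindings></system.serviceModel></configuration>"""

def check(element, limits, label):
    """Compare one element's attributes with the ceilings in `limits`."""
    findings = []
    for attr, ceiling in limits.items():
        raw = None if element is None else element.get(attr)
        if raw is None:
            findings.append(f"{label}: {attr} not set explicitly")
        elif not raw.strip().isdigit():
            findings.append(f"{label}: {attr}={raw!r} is not a number")
        elif int(raw) > ceiling:
            findings.append(f"{label}: {attr}={raw} exceeds {ceiling}")
    return findings

def audit_bindings(config_xml):
    """Return findings for every <binding> inside a <bindings> section."""
    findings = []
    for section in ET.fromstring(config_xml).iter("bindings"):
        for binding_type in section:
            for binding in binding_type.findall("binding"):
                label = f"{binding_type.tag}/{binding.get('name', '(unnamed)')}"
                findings += check(binding, BINDING_LIMITS, label)
                findings += check(binding.find("readerQuotas"), READER_LIMITS,
                                  label + "/readerQuotas")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_bindings(SAMPLE_CONFIG)))
```

A "not set explicitly" finding means the framework default applies to that attribute, so review it against the largest legitimate message the service has to accept.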

Last edited May 8, 2008 at 7:17 AM by prashantbansode, version 1
