IISFrontGuard.Module 2025.12.25.36

.NET Framework 4.8 This package targets .NET Framework 4.8. The package is compatible with this framework or higher. 
dotnet add package IISFrontGuard.Module --version 2025.12.25.36
                    


                    

                
NuGet\Install-Package IISFrontGuard.Module -Version 2025.12.25.36
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="IISFrontGuard.Module" Version="2025.12.25.36" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="IISFrontGuard.Module" Version="2025.12.25.36" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="IISFrontGuard.Module" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add IISFrontGuard.Module --version 2025.12.25.36
                    


                    

                
#r "nuget: IISFrontGuard.Module, 2025.12.25.36"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package IISFrontGuard.Module@2025.12.25.36
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=IISFrontGuard.Module&version=2025.12.25.36
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=IISFrontGuard.Module&version=2025.12.25.36
                    


                            Install as a Cake Tool

IISFrontGuard Module

Build Status NuGet

Overview

IISFrontGuard is an enterprise-grade IIS HTTP Module that provides comprehensive web application security for ASP.NET applications running on .NET Framework 4.8. It integrates seamlessly with IIS to provide multiple layers of protection against common web threats.

Features

  • Web Application Firewall (WAF): Custom rule-based request filtering with pattern matching
  • Rate Limiting: Protect against DDoS and brute-force attacks with configurable rate limits
  • Geographic IP Filtering: Block or allow traffic based on country of origin using GeoIP2
  • Security Event Logging: Comprehensive logging to SQL database for audit and compliance
  • Webhook Notifications: Real-time security event notifications to external systems
  • Interactive Challenges: CAPTCHA-like challenges for suspicious requests
  • Request Encryption: Support for encrypted request validation

Installation

Via NuGet Package Manager

Install-Package IISFrontGuard.Module

Via .NET CLI

dotnet add package IISFrontGuard.Module

Via Package Manager Console

PM> Install-Package IISFrontGuard.Module

Note: The package will automatically update your Web.config with required settings and open a getting started guide.

Configuration

1. Database Setup

Execute the included SQL script to create the required database tables:

-- Located in: Content\Scripts\init.sql

2. Web.config Configuration

The package automatically configures your Web.config during installation with the following default settings. Please review and update as needed:

<configuration>
  <connectionStrings>
    <add name="IISFrontGuard"
         connectionString="Data Source=.;Initial Catalog=IISFrontGuard;Integrated Security=True;TrustServerCertificate=True;" />
  </connectionStrings>
  
  <appSettings>
    
    <add key="GlobalLogger.DefaultConnectionStringName" value="IISFrontGuard" />
    <add key="GlobalRequestEncryptionKey" value="YOUR-16-CHAR-KEY" />

    
    <add key="RateLimitMaxRequestsPerMinute" value="150" />
    <add key="RateLimitWindowSeconds" value="60" />

    
    <add key="TrustedProxyIPs" value="" />

    
    <add key="Webhook.Enabled" value="false" />
    <add key="Webhook.Url" value="" />
    <add key="Webhook.AuthHeader" value="" />
    <add key="Webhook.CustomHeaders" value="" />
    <add key="Webhook.FailureLogPath" value="C:\Logs\webhook-failures.log" />
  </appSettings>
  
  <system.webServer>
    <modules>
      <add name="FrontGuardModule"
           type="IISFrontGuard.Module.FrontGuardModule, IISFrontGuard.Module"
           preCondition="managedHandler,runtimeVersionv4.0" />
    </modules>
    
    
    <httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
  
  <system.web>
    
    <httpRuntime enableVersionHeader="false" />
  </system.web>
</configuration>

3. GeoIP Database

The package includes a GeoLite2-Country database. To keep it updated:

  1. Register for a free MaxMind account at https://www.maxmind.com/
  2. Run the included UpdateGeoDb.bat script with your license key

Usage

Creating WAF Rules

Add custom WAF rules to the database:

INSERT INTO WafRules (Name, Priority, IsEnabled, Action, Conditions)
VALUES ('Block SQL Injection', 100, 1, 'Block', 
  '[{"Field":"QueryString","Operator":"Contains","Value":"UNION SELECT"}]');

Rate Limiting

Configure rate limits in Web.config:

<add key="RateLimitMaxRequestsPerMinute" value="150" />
<add key="RateLimitWindowSeconds" value="60" />

Geographic Filtering

Configure country blocking/allowing via database WAF rules:

INSERT INTO WafRules (Name, Priority, IsEnabled, Action, Conditions)
VALUES ('Block Specific Countries', 50, 1, 'Block',
  '[{"Field":"Country","Operator":"Equals","Value":"CN,RU,KP"}]');

Requirements

  • .NET Framework 4.8
  • IIS 7.0 or later
  • SQL Server 2012 or later

Uninstallation

To remove IISFrontGuard from your application:

Uninstall-Package IISFrontGuard.Module

The uninstall process will automatically:

  • Remove module registration from web.config
  • Remove security header configurations
  • Remove connection strings and app settings
  • Create a backup of your web.config

Manual cleanup required:

  • Database tables (see UNINSTALL_GUIDE.md)
  • Content files (GeoIP database, scripts, documentation)
  • Log files

For complete uninstallation instructions, see UNINSTALL_GUIDE.md included in the package.

Support

For issues, questions, or contributions, please visit:

License

This project is licensed under the MIT License.

Author

IISFrontGuard Team

Changelog

Version 1.0.0

  • Initial release
  • WAF functionality with custom rules
  • Rate limiting support
  • GeoIP filtering
  • Security event logging
  • Webhook notifications
  • Automatic security header management
  • Complete uninstallation support
Product Compatible and additional computed target framework versions.
.NET Framework net48 is compatible.  net481 was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
2025.12.25.36 0 12/25/2025
2025.12.25.25 4 12/25/2025
2025.12.25.24 4 12/25/2025
2025.12.24.15 34 12/24/2025
2025.12.24.14 33 12/24/2025
2025.12.24.13 42 12/24/2025
2025.12.24.12 34 12/24/2025
2025.12.24.11 30 12/24/2025
2025.12.24.10 27 12/24/2025
2025.12.24.9 26 12/24/2025
2025.12.24.8 31 12/24/2025

Initial release with WAF, rate limiting, GeoIP filtering, automatic security header management, and webhook notification support.