RequestAnalyzer 1.0.3

RequestAnalyzer

A powerful .NET library for comprehensive HTTP request analysis with built-in security detection, device identification, and proxy chain analysis.

Features

• Comprehensive Request Analysis: Extract IP address, device type, browser information, and more
• Security Detection: VPN detection, suspicious request analysis with confidence scoring
• Bot Detection: Detect bots and automated traffic with confidence scores
• Proxy Chain Analysis: Detect and analyze proxy chains
• Device Detection: Automatic device type identification (Desktop, Mobile, Tablet)
• Correlation ID: Automatic correlation ID generation and discovery
• Easy Integration: Simple dependency injection integration
• Geo-Location: Country detection and Tor network identification

Installation

dotnet add package RequestAnalyzer

Quick Start

Basic Setup

using RequestAnalyzer;

var builder = WebApplication.CreateBuilder(args);

// Add RequestAnalyzer services with default (secure) settings
builder.Services.AddRequestAnalyzer();

var app = builder.Build();

app.Run();

⚠️ Note: Default settings are secure by default and will block development tools (Postman, curl, etc.). For development, use environment-based configuration (recommended) or manually enable dev tools.

Environment-Based Configuration (Recommended)

Automatically configures security settings based on the environment:

// Automatic configuration based on environment
builder.Services.AddRequestAnalyzer(builder.Environment);

// With optional overrides
builder.Services.AddRequestAnalyzer(builder.Environment, options =>
{
    // Override specific settings if needed
    options.VPNConfidenceThreshold = 80;
});

Default Settings by Environment:

What This Means:

• Development: Postman, curl, Swagger, Insomnia → ✅ Allowed (score = 0)
• Staging: Dev tools get scored → ⚠️ May be blocked (15-50 points)
• Production: Dev tools get scored → 🚫 Likely blocked (threshold = 30)

Manual Configuration

// Configure RequestAnalyzer with custom options
builder.Services.AddRequestAnalyzer(options =>
{
    options.AllowDevelopmentTools = true;
    options.EnableVPNDetection = true;
    options.VPNConfidenceThreshold = 80;
    options.SuspiciousRequestScoreThreshold = 70;
});

Usage

Inject and Use RequestAnalyzer

using RequestAnalyzer;
using Microsoft.AspNetCore.Mvc;

public class MyController : ControllerBase
{
    private readonly RequestAnalyzer.RequestAnalyzer _requestAnalyzer;

    public MyController(RequestAnalyzer.RequestAnalyzer requestAnalyzer)
    {
        _requestAnalyzer = requestAnalyzer;
    }

    [HttpGet]
    public IActionResult Get()
    {
        // Access request analysis data
        var clientIP = _requestAnalyzer.IP;
        var deviceType = _requestAnalyzer.Device;
        var isSuspicious = _requestAnalyzer.IsSuspiciousRequest;
        var isUsingVPN = _requestAnalyzer.IsUsingVPN;
        var correlationId = _requestAnalyzer.CorrelationId;
        var browser = _requestAnalyzer.Browser;
        
        return Ok(new { 
            IP = clientIP, 
            Device = deviceType,
            IsSuspicious = isSuspicious,
            IsUsingVPN = isUsingVPN,
            CorrelationId = correlationId,
            Browser = browser.BrowserName,
            OperatingSystem = browser.OperatingSystem
        });
    }
}

Available Properties

Basic Information

• Language (string): Detected language from request headers
• IP (string): Client IP address (automatically detects from best source)
• IsPrivateIP (bool?): Whether the IP is private/internal
• CorrelationId (string): Request correlation ID for tracing
• Device (DeviceType): Device type (Unknown, Desktop, Mobile, Tablet)

Browser Information

• Browser (BrowserInfo): Detailed browser and OS information
  • Browser.BrowserName: Browser name (e.g., "Chrome", "Firefox")
  • Browser.OperatingSystem: OS name (e.g., "Windows", "macOS")
  • Browser.OperatingSystemVersion: OS version

Proxy Chain Analysis

• ProxyChain (IPAddress[]): Array of proxies in the chain
• ProxyCount (int): Number of proxies in the chain
• FirstProxy (IPAddress): First proxy in the chain
• LastProxy (IPAddress): Last proxy in the chain
• IsFromTrustedProxy (bool): Whether request is from trusted proxy

VPN Detection

• IsUsingVPN (bool): Whether client is using VPN
• VPNConfidenceScore (int): Confidence score 0-100

Bot & Threat Detection

• CloudflareCountryCode (string?): Client country code (T1=Tor, XX=Unknown)
• CloudflareRayId (string?): Unique request ID for support/debugging
• CloudflareBotScore (int?): Bot detection score 0-99 (lower = more likely bot)
• CloudflareThreatScore (int?): Threat level 0-100 (higher = more threatening)

Security Analysis

• IsSuspiciousRequest (bool): Whether request is suspicious
• SuspiciousScore (int): Suspicious score 0-100
• SuspiciousReasons (string): Semicolon-separated list of reasons
• IsFromDevelopmentTool (bool): Whether request is from development tool (Postman, curl, etc.)
• DevelopmentToolName (string): Name of the development tool if detected

Usage Examples

VPN Detection

public IActionResult MyAction(RequestAnalyzer analyzer)
{
    // Block VPN users
    if (analyzer.IsUsingVPN)
    {
        return Forbid("VPN usage detected");
    }
    
    // Check confidence level
    if (analyzer.VPNConfidenceScore > 80)
    {
        _logger.LogWarning("High confidence VPN from {IP}", analyzer.IP);
    }
    
    return Ok();
}

Bot Detection

public IActionResult MyAction(RequestAnalyzer analyzer)
{
    // Check bot score (when available)
    if (analyzer.CloudflareBotScore.HasValue && analyzer.CloudflareBotScore < 30)
    {
        return Forbid("Bot detected");
    }
    
    // Check threat level
    if (analyzer.CloudflareThreatScore > 50)
    {
        return Forbid("High threat level");
    }
    
    return Ok();
}

Tor Network Detection

public IActionResult MyAction(RequestAnalyzer analyzer)
{
    // Block Tor traffic
    if (analyzer.CloudflareCountryCode == "T1")
    {
        return Forbid("Tor network not allowed");
    }
    
    return Ok();
}

Suspicious Request Detection

public IActionResult MyAction(RequestAnalyzer analyzer)
{
    if (analyzer.IsSuspiciousRequest)
    {
        _logger.LogWarning("Suspicious request from {IP}: {Reasons}", 
            analyzer.IP, analyzer.SuspiciousReasons);
        return BadRequest("Suspicious activity detected");
    }
    
    return Ok();
}

Development Tool Detection

public IActionResult MyAction(RequestAnalyzer analyzer)
{
    // Check if request is from a dev tool
    if (analyzer.IsFromDevelopmentTool)
    {
        _logger.LogInformation(
            "Dev tool: {Tool} | Score: {Score} | Reasons: {Reasons}", 
            analyzer.DevelopmentToolName, 
            analyzer.SuspiciousScore,
            analyzer.SuspiciousReasons
        );
        // Output: "Dev tool: Postman | Score: 0 | Reasons: Development tool detected: Postman (Score: 0 - Allowed)"
        // or:     "Dev tool: curl | Score: 60 | Reasons: Development tool detected: curl (Score: 60 - Blocked)"
        
        // Optionally restrict to internal network only
        if (analyzer.IsPrivateIP == false && analyzer.SuspiciousScore == 0)
        {
            return Forbid($"{analyzer.DevelopmentToolName} only allowed from internal network");
        }
    }
    
    return Ok();
}

Get Client IP

public IActionResult MyAction(RequestAnalyzer analyzer)
{
    // Get client IP - automatically handles proxies and load balancers
    string clientIp = analyzer.IP;
    
    Console.WriteLine($"Client IP: {clientIp}");
    
    return Ok();
}

Configuration Options

public class RequestAnalyzerOptions
{
    // Detection toggles
    public bool EnableVPNDetection { get; set; } = true;
    
    // Allow development tools (Postman, curl, Swagger, etc.)
    // Default: false (secure by default)
    public bool AllowDevelopmentTools { get; set; } = false;
    
    // Thresholds (0-100)
    public int VPNConfidenceThreshold { get; set; } = 65;
    public int SuspiciousRequestScoreThreshold { get; set; } = 30;
    
    // Custom VPN range provider
    public IVpnRangeProvider? VpnRangeProvider { get; set; }
}

Default Values Explained

What This Means:

• 🔒 Secure by default: Production-ready out of the box
• ⚠️ Blocks dev tools: Postman, curl, etc. get score 60 (blocked by default)
• ✅ Allows browsers: Normal users get score 0 (allowed)
• 🎯 Binary scoring: Dev tools get score 0 when allowed, 60 when not
• 📊 Easy monitoring: Use IsFromDevelopmentTool flag to track dev tools
• ⚖️ Use environment-based config: Automatically adjusts per environment

Development Tools Detection

When AllowDevelopmentTools = true, the following tools receive a score of 0 (treated as legitimate):
When AllowDevelopmentTools = false, the following tools receive a score of 60 (to ensure blocking):

Use the IsFromDevelopmentTool property to identify and track dev tool usage.

API Clients:

• ✅ Postman, Insomnia, Paw, Bruno, Apidog, Hoppscotch, Thunder Client

API Documentation:

• ✅ Swagger UI, Swagger Codegen, OpenAPI tools, ReDoc, RapiDoc, Stoplight

Command-Line Tools:

• ✅ curl, HTTPie, wget

IDEs:

• ✅ VS Code, JetBrains (IntelliJ, PyCharm, WebStorm, Rider)

HTTP Libraries:

• ✅ Axios, RestSharp, Guzzle, OkHttp, Alamofire, Node-Fetch, Got, Undici

Swagger/OpenAPI Detection:

• Requests from Swagger UI pages (detected via Referer header)
• Requests from /swagger, /api-docs, /openapi, /redoc paths
• Local development AJAX requests (localhost + XMLHttpRequest)

Device Types

public enum DeviceType
{
    Unknown = 0,
    Desktop = 1,
    Mobile = 2,
    Tablet = 3
}

Support

For support, bug reports, feature requests, or any inquiries:

📧 Email: info@waelelazizy.com

We're here to help! Don't hesitate to reach out.

License

MIT

Requirements

• .NET 9.0 or higher
• ASP.NET Core