Protect your Windows RDWeb Server Login Form from malicious bots and brute force attempts.
All information and code is provided as is without any warranty!!
Always backup your files before doing changes. Prefered, test the changes in a dev environment first.
The code was successfully tested on Windows Server 2019 with RDWeb and IIS Role installed.
Caution
Do not replace the files on your server with copy & paste! This repo contains code snippets only. Modify the files on your server.
Root directory is C:\Windows\Web
You have to add/replace some code in the files login.aspx, logoff.aspx and webscripts-domain.js
File locations:
RDWeb/Pages/webscripts-domain.js
RDWeb/Pages/en-US/login.aspx
RDWeb/Pages/en-US/logoff.aspx
All files in the repo have the .txt name extension. Remove .txt to get the default file name extension
I was searching for a "bot protection" for our RDWeb Servers. We tried it with JS and Powershell but was not happy with the results.
Our RDWeb Server got more and more hammered with POST requests, so we had to implement something.
Here is a log (IP addresses removed) before the code was implemented:
If your IIS webserver log looks like this, you need it :)
IIS Log default path: C:\inetpub\logs\LogFiles\W3SVC1\xxx.log
Important
The code in this repo works for the webserver only, not the gateway service!
After the code is implemented the log looks much better.
Check your current webserver logs at C:\inetpub\logs\LogFiles\W3SVC1 and compaire them with the old logs.
Special thanks to thomas-417 for doing the C#!