private static void CreateOrUpdateRateLimitIpsRule()

in Azure WAF/Alert - Process Azure FrontDoor Alerts/ProcessAFDAlerts.cs [206:243]


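        /// <summary>
        /// Ensures the per-country "rate-limit top request IPs" custom rule exists on
        /// <paramref name="wafPolicy"/> and refreshes its IP list from the latest log rows.
        /// </summary>
        /// <param name="wafPolicy">Front Door WAF policy whose custom rules are mutated in place.</param>
        /// <param name="alertInfo">Alert that triggered the mitigation; supplies the country and baseline threshold.</param>
        /// <param name="logs">Log rows for the top requesting clients; each row's <c>clientIp_s</c> becomes a match value.</param>
        /// <remarks>
        /// Returns without touching the policy when <paramref name="logs"/> is null or empty.
        /// When the rule is created it is a <c>RateLimitRule</c> matching <c>RemoteAddr</c> via <c>IPMatch</c>
        /// with action <c>Block</c> and a 5-minute window; an existing rule keeps its duration and only
        /// gets its IP list, threshold and enabled state refreshed. The threshold is floored at 100.
        /// Blank client IPs are dropped and duplicates collapsed before being written to the rule, since the
        /// raw log rows are untrusted input for the policy update.
        /// NOTE(review): Front Door enforces a maximum number of values per IPMatch condition (verify the
        /// current limit); a very large top-IP list may need truncation before the policy is submitted.
        /// </remarks>
        private static void CreateOrUpdateRateLimitIpsRule(
            WebApplicationFirewallPolicy wafPolicy,
            AlertInfo alertInfo,
            IEnumerable<Row> logs)
        {
            const int minimumRateLimitThreshold = 100;
            const int rateLimitWindowMinutes = 5;

            // Nothing to rate-limit: leave the policy untouched rather than enabling an empty rule.
            if (logs == null || !logs.Any())
            {
                return;
            }

            // 1. Look up the existing per-country rule.
            var rateLimitIpsRule = GetRateLimitIPRuleByCountry(wafPolicy, alertInfo.Country);

            // 2. Create it when missing, with an empty IP list that is filled in below.
            if (rateLimitIpsRule == null)
            {
                rateLimitIpsRule = new CustomRule(
                    GetIpRateLimitPriorityByCountry(alertInfo.Country),
                    RuleType.RateLimitRule,
                    new List<MatchCondition>
                    {
                        new MatchCondition("RemoteAddr", "IPMatch", new List<string>())
                    },
                    "Block");

                rateLimitIpsRule.Name = $"{GetCountryCode(alertInfo.Country)}{MitigateDDOSRateLimitTopRequestIPsRuleNamePostfix}";
                rateLimitIpsRule.RateLimitDurationInMinutes = rateLimitWindowMinutes;

                wafPolicy.CustomRules.Rules.Add(rateLimitIpsRule);
            }

            // 3. Locate the IP match condition. An existing rule is assumed to carry the RemoteAddr/IPMatch
            //    condition at index 0 (as created above); if the rule was edited out-of-band and has no
            //    conditions at all, recreate the condition instead of indexing into an empty list.
            //    NOTE(review): an out-of-band rule whose first condition is NOT RemoteAddr/IPMatch would be
            //    overwritten here — confirm whether the rule is ever managed outside this code.
            MatchCondition ipCondition = null;
            if (rateLimitIpsRule.MatchConditions != null && rateLimitIpsRule.MatchConditions.Count > 0)
            {
                ipCondition = rateLimitIpsRule.MatchConditions[0];
            }

            if (ipCondition == null)
            {
                ipCondition = new MatchCondition("RemoteAddr", "IPMatch", new List<string>());
                rateLimitIpsRule.MatchConditions = new List<MatchCondition> { ipCondition };
            }

            // 4. Replace the IP list with the most recent data. Blank values would make the policy update
            //    fail and duplicates add nothing, so both are removed. The values are not otherwise
            //    validated as IP literals here (TODO: consider IPAddress.TryParse before submitting).
            var listOfIPsToRateLimit = logs
                .Select(r => r.clientIp_s)
                .Where(ip => !string.IsNullOrWhiteSpace(ip))
                .Select(ip => ip.Trim())
                .Distinct()
                .ToList();

            ipCondition.MatchValue = listOfIPsToRateLimit;

            // 5. Never rate-limit below the floor, even if the baseline from the alert is lower.
            rateLimitIpsRule.RateLimitThreshold = alertInfo.baselineThreshold < minimumRateLimitThreshold
                ? minimumRateLimitThreshold
                : alertInfo.baselineThreshold;
            rateLimitIpsRule.EnabledState = "Enabled";
        }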