Simple address to pages in EPiServer can be very database-intensive functionality, because it is hard to cache and is validated even when the requested URL is missed.
Optimization
The stored procedure "netQuickSearchByExternalUrl" is called many times because it is so general: it is executed for all files and folders that are not handled by other functionality (e.g. all missing files, including files with known extensions such as jpg, css and js). This means that an attacker can generate queries directly against the database and potentially cause a denial of service (DoS) on the database.
Solution
- Create a business rule that the simple address to a page must follow (example: /val2010).
- Create a business rule that minimizes the usage of these addresses (by including it in the education for the editors).
- Create your own FriendlyUrlRewriteProvider that inherits from EPiServer.Web.FriendlyUrlRewriteProvider and overrides ConvertToInternal.
Example
This example prevents a database call from being made for files (URL paths with a dot in them).
    using System.Collections.Specialized;
    using EPiServer.Web;

    namespace Development
    {
        public class MyUrlRewriteProvider
            : FriendlyUrlRewriteProvider
        {
            public override void Initialize(
                string name,
                NameValueCollection config)
            {
                // Turn off the base provider's own simple address lookup;
                // ConvertToInternal below does it after the path check.
                config["enableSimpleAddress"] = false.ToString();
                base.Initialize(name, config);
            }

            public override bool ConvertToInternal(
                EPiServer.UrlBuilder url,
                out object internalObject)
            {
                // Let the standard friendly URL handling try first.
                if (base.ConvertToInternal(url, out internalObject))
                {
                    return true;
                }

                // Add the business rule "Simple address to page
                // must not include '.'" to your site's documentation
                if (url.Path.IndexOf('.') > 0)
                {
                    // Looks like a file: skip the database lookup.
                    return false;
                }

                return SimpleAddress.SimpleAddressToInternal(
                    url,
                    ref internalObject);
            }
        }
    }
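The example above only filters out paths containing a dot, so any other missing path still reaches the database. The following added example (not part of the original post and not EPiServer's own code) is a stricter gate for the first business rule in the solution list. The class name SimpleAddressGate and the rule it enforces (a single segment of ASCII letters, digits or hyphens, at most 32 characters, site hosted at the root) are assumptions for illustration.

```csharp
using System;
using System.Text.RegularExpressions;

namespace Development
{
    // Hypothetical helper: decides whether a URL path is allowed to be
    // looked up as a simple address before any database call is made.
    public static class SimpleAddressGate
    {
        private const int MaxNameLength = 32; // assumed business rule

        // Assumed rule: exactly one path segment made of ASCII letters,
        // digits or hyphens, optional trailing slash (e.g. /val2010).
        private static readonly Regex Allowed = new Regex(
            @"\A/[A-Za-z0-9-]{1," + MaxNameLength + @"}/?\z",
            RegexOptions.CultureInvariant);

        public static bool MayBeSimpleAddress(string path)
        {
            // Cheap length check first so very long paths never reach
            // the regex engine ("/" + name + optional "/").
            if (string.IsNullOrEmpty(path) || path.Length > MaxNameLength + 2)
            {
                return false;
            }
            return Allowed.IsMatch(path);
        }
    }

    public static class Demo
    {
        public static void Main()
        {
            // Constructed sample paths, not taken from a real log.
            string[] paths =
            {
                "/val2010", "/val2010/", "/images/logo.jpg", "/a/b/c",
                "/favicon.ico", "/%27or%271", "/" + new string('x', 200)
            };
            foreach (string p in paths)
            {
                string shown = p.Length > 20 ? p.Substring(0, 20) + "..." : p;
                Console.WriteLine("{0,-24} lookup allowed: {1}",
                    shown, SimpleAddressGate.MayBeSimpleAddress(p));
            }
        }
    }
}
```

In the provider above, the dot check in ConvertToInternal could be replaced by a call to SimpleAddressGate.MayBeSimpleAddress(url.Path), so that only the first two sample paths would reach the simple address lookup.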
Example configuration (web.config)
Replace the standard friendly URL provider with your own.
    <configuration>
      ...
      <urlRewrite defaultProvider="EPiServerFriendlyUrlRewriteProvider">
        <providers>
          <add name="EPiServerFriendlyUrlRewriteProvider"
               description="My enhanched Friendly URL rewriter"
               type="Development.MyUrlRewriteProvider,DagensIndustri.Web"/>
        </providers>
      </urlRewrite>
      ...
    </configuration>
Disable simple address to pages
The simple address to page makes a database call for each page request. On frequently accessed sites it can be a good idea to turn it off.
    <urlRewrite defaultProvider="EPiServerFriendlyUrlRewriteProvider">
      <providers>
        <add name="EPiServerFriendlyUrlRewriteProvider"
             type="EPiServer.Web.FriendlyUrlRewriteProvider,EPiServer"
             enableSimpleAddress="false" />
      </providers>
    </urlRewrite>