Class LocalhostEndpointFilter
Namespace: Momentum.ServiceDefaults.Api.EndpointFilters
Assembly: Momentum.ServiceDefaults.dll
Endpoint filter that restricts access to localhost/loopback addresses only.
public class LocalhostEndpointFilter : IEndpointFilterInheritance
object ← LocalhostEndpointFilter
Implements
Inherited Members
object.GetType(), object.MemberwiseClone(), object.ToString(), object.Equals(object?), object.Equals(object?, object?), object.ReferenceEquals(object?, object?), object.GetHashCode()
Remarks
This filter is typically used for sensitive endpoints like health checks or internal diagnostics that should only be accessible from the local machine. Remote requests are rejected with a 401 Unauthorized response.
Security considerations:
<ul><li>Rejects requests with forwarded headers (X-Forwarded-For) to prevent proxy bypass attacks</li><li>Validates both IPv4 and IPv6 loopback addresses</li><li>Null remote IP addresses are rejected for safety</li></ul>
Constructors
LocalhostEndpointFilter(ILogger)
Endpoint filter that restricts access to localhost/loopback addresses only.
public LocalhostEndpointFilter(ILogger logger)Parameters
logger ILogger
Remarks
This filter is typically used for sensitive endpoints like health checks or internal diagnostics that should only be accessible from the local machine. Remote requests are rejected with a 401 Unauthorized response.
Security considerations:
<ul><li>Rejects requests with forwarded headers (X-Forwarded-For) to prevent proxy bypass attacks</li><li>Validates both IPv4 and IPv6 loopback addresses</li><li>Null remote IP addresses are rejected for safety</li></ul>
Methods
InvokeAsync(EndpointFilterInvocationContext, EndpointFilterDelegate)
Validates that the request originates from a loopback address.
public ValueTask<object?> InvokeAsync(EndpointFilterInvocationContext context, EndpointFilterDelegate next)Parameters
context EndpointFilterInvocationContext
The endpoint filter invocation context.
The next filter in the pipeline.
Returns
The result from the next filter if the request is from localhost, or an Unauthorized result if the request is from a remote address.