Return 408 Request Timeout For a Regex Timeout Using ASP.NET Core Middleware

Regular expression (regex) operations can be slow, especially if they cause catastrophic backtracking. This can consume significant web application resources. In cases where this isn’t desired, it can be helpful to implement a default regex timeout (see Setting Regex Timeout Globally Using .NET 6.0 With C#).

Additionally, we can implement ASP.NET Core middleware to return 408 Request Timeout (below), rather than let the exception go unhandled.

using System.Text.RegularExpressions;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

namespace NAMESPACE_HERE
{
    public class RegexTimeoutMiddleware
    {
        private readonly RequestDelegate _next;

        public RegexTimeoutMiddleware(RequestDelegate next)
        {
            _next = next;
        }

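        public async Task InvokeAsync(HttpContext context)
        {
            try
            {
                // Run the rest of the pipeline; a regex timeout anywhere downstream surfaces here.
                await _next(context);
            }
            // Once the response has started, the status code can no longer be changed,
            // so in that case the exception is left to propagate.
            catch (RegexMatchTimeoutException) when (!context.Response.HasStarted)
            {
                context.Response.StatusCode = StatusCodes.Status408RequestTimeout;
                await context.Response.WriteAsync("Operation timed out.");
            }
        }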
    }

    public static class RegexTimeoutMiddlewareExtensions
    {
        public static IApplicationBuilder UseRegexTimeoutMiddleware(this IApplicationBuilder builder)
        {
            return builder.UseMiddleware<RegexTimeoutMiddleware>();
        }
    }
}

Next, use it in Program.cs or Startup.cs:

app.UseRegexTimeoutMiddleware();
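
A minimal Program.cs that combines the global default timeout with the middleware, as an added example that is not taken from the original post or the linked test project. The /validate route, the 2-second timeout and the regex pattern are assumptions chosen for illustration.

```csharp
using System;
using System.Text.RegularExpressions;
using Microsoft.AspNetCore.Builder;
using NAMESPACE_HERE; // placeholder namespace used by the middleware above

// Assumption: a 2-second process-wide default timeout.
// Set it before any Regex is used, because Regex reads this value once
// when the type initializes. The value must be a TimeSpan.
AppDomain.CurrentDomain.SetData("REGEX_DEFAULT_MATCH_TIMEOUT", TimeSpan.FromSeconds(2));

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Register early so the try/catch wraps every later middleware and endpoint.
app.UseRegexTimeoutMiddleware();

// Hypothetical endpoint: matches user-supplied input against a constructed
// nested-quantifier pattern. No timeout is passed here, so the static
// Regex.IsMatch call falls back to the default set above. If matching runs
// past 2 seconds, RegexMatchTimeoutException is thrown and the middleware
// turns it into a 408 response.
app.MapGet("/validate", (string input) =>
    Regex.IsMatch(input, @"^(a+)+$") ? "match" : "no match");

app.Run();
```

A Regex created with an explicit matchTimeout argument uses that value instead of the default, and the middleware handles the resulting RegexMatchTimeoutException the same way.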

Full example via test project: https://github.com/kendaleiv/RegexTimeoutMiddleware

This post is licensed under CC BY 4.0 by the author.