I am writing some application logic which can recognize malformed or malicious http post data requests made to an IIS 5 aspx page. What is the most efficient way to terminate a bad request?
At the point where a bad request is identified there will be no buffered output and the C# function exit stack is shallow.
My hunch at the moment is that the additional turmoil of response.End() together with its thread terminate exception, might be more disruptive in a DOS attack situation than a regular 204 "no content" response.
To put some perspective on what my site is doing, all aspx hits result in DB query activity of say 10ms to 300ms, so responding to a malformed request as a regular 204 reply in 0.5ms represents a large saving.