TsgcWebSocketFirewall › Methods › IsMessageAllowed
Core per-message filter. Runs the enabled content-inspection modules (SQL injection, XSS, path traversal, command injection, payload limit, flood protection, custom rules) and returns whether the message should be delivered.
function IsMessageAllowed(const aIP: string; const aMessage: string): Boolean;| Name | Type | Description |
|---|---|---|
aIP | const string | Remote client address that sent the message. Used for per-IP flood counters, threat-score attribution and ban escalation. |
aMessage | const string | Full message payload (text or decoded binary) that will be scanned for malicious patterns and compared against PayloadLimit.MaxSizeBytes. |
True when the message passes every enabled filter; False when any module reports a violation. OnFiltered and OnViolation fire on rejection and the threat score is updated accordingly. (Boolean)
IsMessageAllowed is invoked automatically for every text/binary frame once the Firewall property is wired to a server; it rarely needs to be called manually. Detection results accumulate into the ThreatScore subsystem, so recurrent offenders can be banned automatically once AutoBanThreshold is reached. For pipelines that already decoded a message off-thread, call IsMessageAllowed to re-apply the same filters before persisting or forwarding the payload.
if not sgcWebSocketFirewall1.IsMessageAllowed(Connection.IP, aText) then
Connection.Disconnect;