Posted by Petr Vileta on 02/01/07 01:34
Nu wrote:
> I want to protect myself from if someone with a fast connection
> hammers my site. It's not denial of service attacks, but offline
> downloaders (of course that don't show they're offline downloaders in
> the useragent so I can't filter them by that). My main issue is my
> site is PHP so if they hammer it, it gets all the PHP files executing
> and overwhelms the CPU. I'd like to be able to after a certain amount
> of hits on my index.php per second, so just refuse.
>
> I can't find how to do that. Can it be done in PHP, htaccess, etc.?
>
> Any ideas?
You can use a database for it, but it is only a partial solution.
Create a MySQL table 'requests' with these fields:
remote_addr varchar(20)
http_via varchar(100)
http_forwarded varchar(100)
http_x_forwarded_for varchar(100)
x_http_forwarded_for varchar(100)
x_forwarded_for varchar(100)
nexttime datetime
The field names correspond to the uppercase HTTP header fields, except for the
last field. You cannot get all of these; only remote_addr you always get.
At the beginning of your script you must try to get these fields as
$_SERVER["REMOTE_ADDR"], $_SERVER["HTTP_VIA"] etc.
Now you must try to find a record in the table where all fields are the same.
If you find a record, you must check whether the current time is equal to or
greater than the value stored in the nexttime field.
If the current time is less than the stored value, you can show some error
message or redirect to www.microsoft.com :-)
If the current time is equal or greater, you display the requested page.
At the end of your script you must
1) update the nexttime field (store current time + some addition after which
the user can access the page again) if you found a record at the beginning of
the script
2) or create a new record if you did not find a record at the beginning of the
script.
--
Petr Vileta, Czech republic
(My server rejects all messages from Yahoo and Hotmail. Send me your mail
from another non-spammer site please.)
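
The scheme described in the reply above, as an added PHP example that is not code from the original post. The function name `throttle_allow`, the two-second delay and the SQLite demo are assumptions; the check and the `nexttime` update are folded into one call at the start of the script. Every column except `remote_addr` comes from client-supplied headers, so a client that varies them gets a fresh record, and the lookup followed by the update is not atomic under concurrent requests.

```php
<?php
// Added example, not from the original post. Needs PHP 7.4+ and PDO.
// Missing headers are stored as '' because NULL never matches in "=".
const THROTTLE_FIELDS = [
    'remote_addr'          => 'REMOTE_ADDR',
    'http_via'             => 'HTTP_VIA',
    'http_forwarded'       => 'HTTP_FORWARDED',
    'http_x_forwarded_for' => 'HTTP_X_FORWARDED_FOR',
    'x_http_forwarded_for' => 'X_HTTP_FORWARDED_FOR',
    'x_forwarded_for'      => 'X_FORWARDED_FOR',
];

/** Returns true if the request may proceed, false if it arrived too early. */
function throttle_allow(PDO $db, array $server, int $delaySeconds = 2): bool
{
    $key = [];
    foreach (THROTTLE_FIELDS as $column => $header) {
        // Truncate to the column widths given in the post (20 / 100 chars).
        $key[$column] = substr((string)($server[$header] ?? ''), 0, $column === 'remote_addr' ? 20 : 100);
    }
    $where = implode(' AND ', array_map(fn($c) => "$c = :$c", array_keys($key)));
    $find = $db->prepare("SELECT nexttime FROM requests WHERE $where");
    $find->execute($key);
    $nexttime = $find->fetchColumn();          // false when no record exists
    $now = time();
    if ($nexttime !== false && $now < strtotime($nexttime)) {
        return false;                          // too early: caller refuses the request
    }
    $key['nexttime'] = date('Y-m-d H:i:s', $now + $delaySeconds);
    if ($nexttime !== false) {
        $sql = "UPDATE requests SET nexttime = :nexttime WHERE $where";
    } else {
        $cols = implode(', ', array_keys($key));
        $sql = "INSERT INTO requests ($cols) VALUES (:" . implode(', :', array_keys($key)) . ")";
    }
    $db->prepare($sql)->execute($key);
    return true;
}

if (PHP_SAPI === 'cli') {   // constructed demo: in-memory SQLite stands in for MySQL
    $db = new PDO('sqlite::memory:');
    $db->exec('CREATE TABLE requests (remote_addr, http_via, http_forwarded,
        http_x_forwarded_for, x_http_forwarded_for, x_forwarded_for, nexttime)');
    $req = ['REMOTE_ADDR' => '192.0.2.10'];    // constructed sample request
    var_dump(throttle_allow($db, $req), throttle_allow($db, $req));
}
```

In index.php, call `throttle_allow($db, $_SERVER)` with a PDO connection to the MySQL database before any other work, and stop with an error response such as `http_response_code(429)` when it returns false.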