Re: Page load frequency

frizzle wrote:


frizzle wrote:
Erwin Moller wrote:
frizzle wrote:

Hi there,

I need a function to prevent a page from being loaded too often too
fast.
So say, one is only allowed to refresh a single page 5 times in 10
seconds, or 10 times in 5 seconds (or whatever ... ).
If the load frequency exceeds that, the site calls exit(); And a
message is displayed. Just like Expression Engine does ...

This way i want to protect the DB from being queried rediculously
often, and maybe even protect it from DDOS attacks.

I hope it's clear. I don't know where to start ..

Thanks!

Hi,

You have to implement some kind of countingmechanism when the page
starts. You can store the timestamp (now) in a database once the page
runs, and check if it has been accessed more than X times last Y
seconds. Just build it. :-)

Of course this check will slow down each request to the page a little,
but if the load of running the whole page is much higher, this may be
worth the time.

Regards,
Erwin Moller

Would this be a good thing to do with sessions ?

Not to be stupid here, but i don't completely get one thing:

Say one can load 5 times in 5 seconds;

If someone loads the page at second 1, and then reloads three times
between second 3 and five, this would be 4 loads in 5 seconds. But if
then he reloads 3 times between seconds 5 and 7, it's 6 loads in (less
then) 5 seconds, though AFAIK your idea would have "approved" this.

How could i fix this?

Thanks!

Hi,

first question: Session.
I was unsure if you wanted to protect against a single user or against all
users.
If you want to protect against a single user loading the page too much, you
should use session, BUT if that visitor wants to circumvent your
sessionlogic, it is easy.
Here is why: If you want to use a session with a visitor you send along a
sessionid with each request and response. The sessionid is stored in the
URL or cookie.
Both can easily be manipulated by the visitor, so this will not really work.

It would make more sense to use the remote IP-address to maximize the number
of requests to your page.

Second querstion: How to implement the quota X times per Y secs?

just a rouch idea based on IP:
create a table like this:
CREATE TABLE tblrequest(
IPnum text,
lastrequest datetime
)

Now above your script do this:
1) Get the remote IP
Use remoteadress, read more here:
http://nl3.php.net/manual/en/function.getenv.php

2) delete from tblrequest ALL requests older than (now - Y secs)

3) check if this IP has already exceeded the quota:
Something like:
SELECT COUNT(IPnum) FROM tblrequest
WHERE (IPnum = '<IPnum found in step1>');

if the count exceeds X, exit, otherwise continue with the rest of the
script.


Hope this helps.

Regards,
Erwin Moller
.

Relevant Pages

  • ASP.NET Mobile, Cookieless Sessions, and Load Balancing
    ... cookieless sessions and have an F5 Load Balancer that balances the load ... on the session ID in the URL. ... But what about the first request to the ... Since the first request was essentially routed ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: PHP Passing Variables Between Pages and Security
    ... it as a parameter in the next request (again using CURL). ... Command-line CURL can and will save cookies (specifically the session ... What exactly are you trying to protect against here? ...
    (comp.lang.php)
  • Re: Page load frequency
    ... Erwin Moller wrote: ... This way i want to protect the DB from being queried rediculously ... first question: Session. ... a sessionid with each request and response. ...
    (comp.lang.php)
  • Re: Page load frequency
    ... Erwin Moller schreef: ... This way i want to protect the DB from being queried rediculously ... first question: Session. ... a sessionid with each request and response. ...
    (comp.lang.php)
  • Re: Page load frequency
    ... This way i want to protect the DB from being queried rediculously ... little, but if the load of running the whole page is much higher, ... first question: Session. ... a sessionid with each request and response. ...
    (comp.lang.php)