Re: Limiting repetitive file access

From: Manuel Lemos (mlemos_at_acm.org)
Date: 11/16/03


To: php-general@lists.php.net
Date: Sun, 16 Nov 2003 09:40:47 -0200

Hello,

On 11/16/2003 02:52 AM, Andre Dubuc wrote:
> Recently, a 'user' attempted to access a restricted area of my site
> repetitively (spanning five hours) entering the same url repetitively
> [probably by script]. A massive log file was generated. I would like to ban
> such behavior by limiting the number of successive 'get's a user can do (say
> 4 attempts) before an appropriate action is taken..
>
> As a temporary measure (until I can figure a better way) the url in question
> was disabled.
>
> What I'd like to do, on a per-file basis using $_SESSION, is a combination of
> ipaddress perhaps with a counter that records the number of times that file
> was accessed, and limit the number of successive 'get's that can be done
> before the file is no longer accessible.

This solution will not avoid your problem.

Sometimes I have that problem because some users of my site think they
can use site sucking programs to get all its content.

What was done is to have a script monitoring the Web server logs and if
the same user of the same IP makes an excessive amount of accesses in a
short period, add it to the list of denied addresses for a while. This
way, the Web server will not even spare resources for abusing users.

Since you use .htaccess based permissions, you can just update that file
regularly.

I do not have that script quite ready for release now, but if there is
interest, I can release it later as a part of this class that already
provides log watching services:

http://www.phpclasses.org/logwatcher

-- 
Regards,
Manuel Lemos
Free ready to use OOP components written in PHP
http://www.phpclasses.org/
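
The log-watching approach described in this reply, as an added example (it is not Manuel Lemos's script or the logwatcher class). It assumes Common Log Format lines in chronological order and Apache 2.4 `Require not ip` syntax; the function names, limits and the sample log lines are constructed for illustration.

```php
<?php
// Added example: function names, limits and sample data are assumptions.
function findAbusiveIps(array $lines, int $maxHits, int $windowSecs): array
{
    $hits = [];   // ip => request timestamps still inside the window
    $banned = []; // ip => timestamp of the latest request over the limit
    foreach ($lines as $line) {
        // Common Log Format: ip ident user [dd/Mon/yyyy:hh:mm:ss zone] "request" ...
        if (!preg_match('/^(\S+) \S+ \S+ \[([^\]]+)\]/', $line, $m)) {
            continue; // skip malformed lines instead of guessing
        }
        $ip = $m[1];
        $dt = DateTime::createFromFormat('d/M/Y:H:i:s O', $m[2]);
        // Only a validated IP literal may ever reach the .htaccess file.
        if (filter_var($ip, FILTER_VALIDATE_IP) === false || $dt === false) {
            continue;
        }
        $ts = $dt->getTimestamp();
        $hits[$ip][] = $ts;
        // Slide the window: drop requests older than $windowSecs.
        while ($hits[$ip][0] < $ts - $windowSecs) {
            array_shift($hits[$ip]);
        }
        if (count($hits[$ip]) > $maxHits) {
            $banned[$ip] = $ts;
        }
    }
    return $banned;
}

function renderDenyBlock(array $banned, int $now, int $banSecs): string
{
    $out = "# BEGIN auto-deny\n<RequireAll>\n    Require all granted\n";
    foreach ($banned as $ip => $since) {
        if ($now - $since < $banSecs) { // bans expire "after a while"
            $out .= "    Require not ip $ip\n";
        }
    }
    return $out . "</RequireAll>\n# END auto-deny\n";
}

// Constructed sample log: one client hammering a restricted URL, one normal visitor.
$log = [];
for ($i = 0; $i < 6; $i++) {
    $log[] = sprintf('203.0.113.7 - - [16/Nov/2003:09:00:%02d -0200] "GET /restricted/ HTTP/1.1" 401 401', $i);
}
$log[] = '198.51.100.4 - - [16/Nov/2003:09:00:10 -0200] "GET /index.php HTTP/1.1" 200 5120';
$now = strtotime('2003-11-16 09:05:00 -0200'); // fixed clock so the run is repeatable
echo renderDenyBlock(findAbusiveIps($log, 4, 60), $now, 3600);
```

When run from cron, write the generated block to a temporary file and `rename()` it over the managed section's file so the Web server never reads a half-written .htaccess.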

