开发者

.htaccess or PHP protection code against multiple speedy requests

开发者 https://www.devze.com 2022-12-30 05:39 出处:网络
I am looking for ideas for how I can stop external scripts connecting with my site. I\'m looking for the same kind of idea behind Google. As in if a certain amount of requests are made per a certain a

I am looking for ideas for how I can stop external scripts connecting with my site. I'm looking for the same kind of idea behind Google. As in if a certain amount of requests are made per a certain amount of time then block the IP address or something. I thought there maybe a htaccess solution if not, I will write a PHP one.

Any ideas or links to existing methods or scripts is much appr开发者_JS百科eciated.


PHPIDS might be what you want. "Currently the PHPIDS detects all sorts of XSS, SQL Injection, header injection, directory traversal, RFE/LFI, DoS and LDAP attacks."

From the FAQ:

  require_once 'IDS/Init.php';
  $request = array(
      'REQUEST' => $_REQUEST,
      'GET' => $_GET,
      'POST' => $_POST,
      'COOKIE' => $_COOKIE
  );
  $init = IDS_Init::init('IDS/Config/Config.ini');
  $ids = new IDS_Monitor($request, $init);
  $result = $ids->run();

  if (!$result->isEmpty()) {
   // Take a look at the result object
   echo $result;
  }


You can try with mod_evasive for Apache


Your question is somewhat ambiguous - are you wanting to prevent connections outright through Apache or are you wanting to block people from posting data (like Google does to prevent cross-site injections into their search)?

If you are wanting to prevent connections I would search for an Apache module that can regulate requests. If you are simply wanting form protection like Google does then you should look into generating form tokens.

When I build a form I typically generate a hidden input value that contains a token that is also saved in the user's session, and the form will refuse to process unless both tokens are present and match, making it difficult for people to submit data from a remote site.


You can use PEAR Flood Control.

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号