
.htaccess or PHP protection code against multiple speedy requests

Tags: php, .htaccess

I am looking for ideas for how I can stop external scripts connecting with my site. I'm looking for the same kind of idea behind Google. As in, if a certain amount of requests are made per a certain amount of time, then block the IP address or something. I thought there may be an .htaccess solution; if not, I will write a PHP one.

Any ideas or links to existing methods or scripts are much appreciated.

Phil Jackson asked May 12 '10 16:05


3 Answers

PHPIDS might be what you want. "Currently the PHPIDS detects all sorts of XSS, SQL Injection, header injection, directory traversal, RFE/LFI, DoS and LDAP attacks."

From the FAQ:

  require_once 'IDS/Init.php';

  // Collect the request data that PHPIDS should inspect
  $request = array(
      'REQUEST' => $_REQUEST,
      'GET' => $_GET,
      'POST' => $_POST,
      'COOKIE' => $_COOKIE
  );

  // Load the configuration and run the monitor over the request
  $init = IDS_Init::init('IDS/Config/Config.ini');
  $ids = new IDS_Monitor($request, $init);
  $result = $ids->run();

  if (!$result->isEmpty()) {
      // Take a look at the result object
      echo $result;
  }

squarism answered Nov 09 '22 07:11


You can try mod_evasive for Apache.

Kemo answered Nov 09 '22 08:11


Your question is somewhat ambiguous - are you wanting to prevent connections outright through Apache or are you wanting to block people from posting data (like Google does to prevent cross-site injections into their search)?

If you are wanting to prevent connections I would search for an Apache module that can regulate requests. If you are simply wanting form protection like Google does then you should look into generating form tokens.

When I build a form I typically generate a hidden input value that contains a token that is also saved in the user's session, and the form will refuse to process unless both tokens are present and match, making it difficult for people to submit data from a remote site.

Jarrod Nettles answered Nov 09 '22 08:11
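
The form-token check described in the last answer, as an added example that is not part of the original answer. The function names, the `form_token` field name and the `comment` field are assumptions made for illustration:

```php
<?php
// Added example: session-bound form token (not code from the answer).
// issue_form_token(), form_token_is_valid() and 'form_token' are hypothetical names.
declare(strict_types=1);

session_start();

/** Create a token for this session if none exists and return it for the form. */
function issue_form_token(): string
{
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $_SESSION['form_token'];
}

/** True only when both tokens are present, are strings, and match. */
function form_token_is_valid(array $post, array $session): bool
{
    $submitted = $post['form_token'] ?? null;
    $expected  = $session['form_token'] ?? null;
    if (!is_string($submitted) || !is_string($expected) || $expected === '') {
        return false; // missing token, empty token, or array-typed input
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!form_token_is_valid($_POST, $_SESSION)) {
        http_response_code(403);
        exit('Invalid or missing form token.');
    }
    unset($_SESSION['form_token']); // single use: the next form gets a fresh token
    $comment = is_string($_POST['comment'] ?? null) ? $_POST['comment'] : '';
    echo 'Comment accepted: ', htmlspecialchars($comment, ENT_QUOTES, 'UTF-8');
    exit;
}
$token = issue_form_token();
?>
<form method="post">
    <input type="hidden" name="form_token" value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
    <textarea name="comment"></textarea>
    <button type="submit">Send</button>
</form>
```

A script that posts without first loading the form in the same session has no matching token and receives a 403. This does not limit request rate by itself, so it complements rather than replaces a server-level module such as mod_evasive.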