Re: [PHP] How to prevent DoS on PHP script?
- Date: Mon, 16 Jun 2008 19:01:54 +0200
- From: "Nitsan Bin-Nun" <nitsanbn@xxxxxxxxx>
- Subject: Re: [PHP] How to prevent DoS on PHP script?
I think you can handle this with 2 pages, the first is checking whether the
user is permitted to upload or not and if so passing him to the upload form
with a simple (bool) $_SESSION variable which indicates his permissions.
If you will try to access the second page and the $_SESS variable won't
exist it will throw you back to page 1 to validate your permissions.
Am I missing something? (its pretty simple..)
HTH
On 16/06/2008, Per Jessen <per@xxxxxxxxxxxx> wrote:
>
> Jim Lucas wrote:
>
> > Per Jessen wrote:
> >> Michelle Konzack wrote:
> >>
> >>> My biggest problem is, that the "/fileupload.php" was always
> >>> references
> >>> from outside my webspace. OK, I was thinking this can be solved
> >>> by
> >>> using HTTP_REFERER which has then worked for some days but NOW
> >>> those pigs are back and sending spoofed HTTP_REFERER.
> >>>
> >>> Since I have only a VHost @ISP I can not go deeper into the
> >>> Apache2 config what I have done when I was running my own server.
> >>>
> >>> Can anyone suggest me something, how to block requests from outside?
> >>
> >> Check client IP-addresses?
> >>
> >>
> >> /Per Jessen, Zürich
> >>
> >>
> >
> > The problem that the OP is going to run into is the "Chicken before
> > the Egg" problem. PHP will not start processing until the file upload
> > has already been completely uploaded.
>
> I was about to say "Then let apache check it", but I hadn't read the
> last paragraph of the OPs question.
>
>
> /Per Jessen, Zürich
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>