On Fri, October 13, 2006 4:16 pm, Ryan Barclay wrote: > A simple question I imagine, but I am wondering how I would combat DoS > attacks by users holding the REFRESH key on their browsers? > > I have reproduced this error on a PHP-MYSQL website and when I hold > the > REFRESH key on for a while, page gen times shoot up dramatically and > hundreds of processes are created. > > Is there a way I can stop this/limit the connections/processes in > apache > conf/php.ini? > > What can I do to combat this method of DoS? Well, one thing for sure... This question would be better addressed to Apache list. To stay on topic, however, you could log each action the user takes, and if they are "too fast" you can put a "sleep" call into your PHP scripts. This will only stop the user from doing what you did, not from a more generalized DoS attack using something (slightly) more sophisticated than the "refresh" button. So trying to solve this at the PHP level is most likely a Wrong Approach. -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
