Re: How to prevent DoS on PHP script?

Nitsan Bin-Nun wrote:
I think you can handle this with 2 pages, the first is checking whether the
user is permitted to upload or not and if so passing him to the upload form
with a simple (bool) $_SESSION variable which indicates his permissions.
If you will try to access the second page and the $_SESS variable won't
exist it will throw you back to page 1 to validate your permissions.

Am I missing something? (it's pretty simple..)


Yes, PHP hasn't started yet.

When someone tries to upload a file to a server, Apache is accepting the file first. Once the file is completely uploaded, Apache hands off the processing to Apache. Problem is, by this time the DoS has already happened. Apache has wasted its time receiving the file.

HTH

On 16/06/2008, Per Jessen <per@xxxxxxxxxxxx> wrote:
Jim Lucas wrote:

Per Jessen wrote:
Michelle Konzack wrote:

My biggest problem is, that the "/fileupload.php" was always referenced
from outside my webspace. OK, I was thinking this can be solved by
using HTTP_REFERER which has then worked for some days but NOW
those pigs are back and sending spoofed HTTP_REFERER.

Since I have only a VHost @ISP I can not go deeper into the
Apache2 config what I have done when I was running my own server.

Can anyone suggest me something, how to block requests from outside?
Check client IP-addresses?


/Per Jessen, Zürich


The problem that the OP is going to run into is the "Chicken before
the Egg" problem.  PHP will not start processing until the file upload
has already been completely uploaded.
I was about to say "Then let apache check it", but I hadn't read the
last paragraph of the OPs question.


/Per Jessen, Zürich


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php





--
Jim Lucas

   "Some men are born to greatness, some achieve greatness,
       and some have greatness thrust upon them."

Twelfth Night, Act II, Scene V
    by William Shakespeare
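
The two-page session gate described in this thread, written out for the upload handler as an added example (not code from any poster). The names `may_upload`, `check.php`, `userfile` and `uploads/` are assumptions. It logs how many bytes had already been received when the check ran, which is the cost the reply above says the script cannot avoid.

```php
<?php
// Added example. 'may_upload', check.php, 'userfile' and the uploads/
// directory are hypothetical names, not taken from the thread.
session_start();

// Bytes the web server already accepted for this request. PHP only starts
// running after the whole body has arrived, so this cost is already paid.
$received = (int) ($_SERVER['CONTENT_LENGTH'] ?? 0);

if (empty($_SESSION['may_upload'])) {
    // The gate on page 1 was never passed: refuse, and record what it cost
    // so the source address can be reported to whoever runs the web server.
    error_log(sprintf(
        'upload refused: ip=%s bytes_already_received=%d',
        $_SERVER['REMOTE_ADDR'] ?? '-',
        $received
    ));
    // PHP deletes its temporary upload files itself when the request ends.
    header('Location: /check.php', true, 303);
    exit;
}

// One upload per permission grant, so the flag cannot be reused.
unset($_SESSION['may_upload']);

// If the body exceeded post_max_size, $_FILES is empty and this is null.
$file = $_FILES['userfile'] ?? null;
if ($file === null || $file['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
    http_response_code(400);
    exit('Upload failed.');
}

// Store under a server-generated name; never trust the client's file name.
$target = __DIR__ . '/uploads/' . bin2hex(random_bytes(16));
if (!move_uploaded_file($file['tmp_name'], $target)) {
    http_response_code(500);
    exit('Could not store file.');
}
echo 'Stored.';
```

The gate keeps unauthorised files from being stored, and the log line shows the bandwidth each refused request consumed before the script had any say.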

