Okay, I got the idea, I think you can use PHP to write .htaccess file for IP blocking or something like that (shared hosts allow this and I'm pretty sure that Apache .htaccess are able to manage IP blocking). HTH, Nitsan On 16/06/2008, Jim Lucas <lists@xxxxxxxxx> wrote: > > Nitsan Bin-Nun wrote: > >> I think you can handle this with 2 pages, the first is checking whether >> the >> user is permitted to upload or not and if so passing him to the upload >> form >> with a simple (bool) $_SESSION variable which indicates his permissions. >> If you will try to access the second page and the $_SESS variable won't >> exist it will throw you back to page 1 to validate your permissions. >> >> Am I missing something? (its pretty simple..) >> >> > Yes, PHP hasn't started yet. > > When someone tries to upload a file to a server, Apache is accepting the > file first. Once the file is completely uploaded, Apache hands off the > processing to Apache. Problem is, by this time the DoS has already > happened. Apache has waisted its time receiving the file. > > HTH >> >> On 16/06/2008, Per Jessen <per@xxxxxxxxxxxx> wrote: >> >>> Jim Lucas wrote: >>> >>> Per Jessen wrote: >>>> >>>>> Michelle Konzack wrote: >>>>> >>>>> My biggest problem is, that the "/fileupload.php" was always >>>>>> references >>>>>> from outside my webspace. OK, I was thinking this can be solved >>>>>> by >>>>>> using HTTP_REFERER which has then worked for some days but NOW >>>>>> those pigs are back and sending spoofed HTTP_REFERER. >>>>>> >>>>>> Since I have only a VHost @ISP I can not go deeper into the >>>>>> Apache2 config what I have done when I was running my own server. >>>>>> >>>>>> Can anyone suggest me something, how to block requests from outside? >>>>>> >>>>> Check client IP-addresses? >>>>> >>>>> >>>>> /Per Jessen, Zürich >>>>> >>>>> >>>>> The problem that the OP is going to run into is the "Chicken before >>>> the Egg" problem. PHP will not start processing until the file upload >>>> has already been completely uploaded. >>>> >>> I was about to say "Then let apache check it", but I hadn't read the >>> last paragraph of the OPs question. >>> >>> >>> /Per Jessen, Zürich >>> >>> >>> -- >>> PHP General Mailing List (http://www.php.net/) >>> To unsubscribe, visit: http://www.php.net/unsub.php >>> >>> >>> >> > > -- > Jim Lucas > > "Some men are born to greatness, some achieve greatness, > and some have greatness thrust upon them." > > Twelfth Night, Act II, Scene V > by William Shakespeare > >
