Nitsan Bin-Nun wrote:
Okay, I got the idea,
I think you can use PHP to write .htaccess file for IP blocking or something
like that (shared hosts allow this and I'm pretty sure that Apache .htaccess
are able to manage IP blocking).
As long as Apache allows .htaccess files
But... even then what IP's would you write to this?
If a person changed their IP each time they access the script, then it still
would not work.
I would have to say that I just don't think that PHP is going to be the medium
in which this problem has to be handled.
HTH,
Nitsan
On 16/06/2008, Jim Lucas <lists@xxxxxxxxx> wrote:
Nitsan Bin-Nun wrote:
I think you can handle this with 2 pages, the first is checking whether
the
user is permitted to upload or not and if so passing him to the upload
form
with a simple (bool) $_SESSION variable which indicates his permissions.
If you will try to access the second page and the $_SESS variable won't
exist it will throw you back to page 1 to validate your permissions.
Am I missing something? (its pretty simple..)
Yes, PHP hasn't started yet.
When someone tries to upload a file to a server, Apache is accepting the
file first. Once the file is completely uploaded, Apache hands off the
processing to Apache. Problem is, by this time the DoS has already
happened. Apache has waisted its time receiving the file.
HTH
On 16/06/2008, Per Jessen <per@xxxxxxxxxxxx> wrote:
Jim Lucas wrote:
Per Jessen wrote:
Michelle Konzack wrote:
My biggest problem is, that the "/fileupload.php" was always
references
from outside my webspace. OK, I was thinking this can be solved
by
using HTTP_REFERER which has then worked for some days but NOW
those pigs are back and sending spoofed HTTP_REFERER.
Since I have only a VHost @ISP I can not go deeper into the
Apache2 config what I have done when I was running my own server.
Can anyone suggest me something, how to block requests from outside?
Check client IP-addresses?
/Per Jessen, Zürich
The problem that the OP is going to run into is the "Chicken before
the Egg" problem. PHP will not start processing until the file upload
has already been completely uploaded.
I was about to say "Then let apache check it", but I hadn't read the
last paragraph of the OPs question.
/Per Jessen, Zürich
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
Jim Lucas
"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."
Twelfth Night, Act II, Scene V
by William Shakespeare
--
Jim Lucas
"Some men are born to greatness, some achieve greatness,
and some have greatness thrust upon them."
Twelfth Night, Act II, Scene V
by William Shakespeare
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php