How do I limit my number of PHP hits per second?

  • Nu

    How do I limit my number of PHP hits per second?

    I want to protect myself from if someone with a fast connection hammers my
    site. It's not denial of service attacks, but offline downloaders (of course
    that don't show they're offline downloaders in the useragent so I can't
    filter them by that). My main issue is my site is PHP so if they hammer it,
    it gets all the PHP files executing and overwhelms the CPU. I'd like to be
    able to after a certain amount of hits on my index.php per second, so just
    refuse.

    I can't find how to do that. Can it be done in PHP, htaccess, etc.

    Any ideas?





  • P Pulkkinen

    #2
    Re: How do I limit my number of PHP hits per second?

    "Nu" <no@spam.com> wrote in message:
    uE9wh.489905$Fi1.59287@bgtnsc05-news.ops.worldnet.att.net...
    > I want to protect myself from if someone with a fast connection hammers my
    > site. It's not denial of service attacks, but offline downloaders

    Even though I have not dealt with this specific issue, I want to help by
    asking these questions:

    1) What info do offline downloaders bring to phpinfo():





    • Rik

      #3
      Re: How do I limit my number of PHP hits per second?

      Nu <no@spam.com> wrote:
      > I want to protect myself from if someone with a fast connection hammers
      > my site. It's not denial of service attacks, but offline downloaders (of
      > course that don't show they're offline downloaders in the useragent so I
      > can't filter them by that). My main issue is my site is PHP so if they
      > hammer it, it gets all the PHP files executing and overwhelms the CPU.
      > I'd like to be able to after a certain amount of hits on my index.php
      > per second, so just refuse.
      >
      > I can't find how to do that. Can it be done in PHP, htaccess, etc.

      I'd say this would have to be done on server-level, anything in PHP would
      still need/eat quite some resources.

      May I suggest you ask this on alt.apache.configuration?
      --
      Rik Wasmus


      • Sanders Kaufman

        #4
        Re: How do I limit my number of PHP hits per second?

        Nu wrote:
        > I want to protect myself from if someone with a fast connection hammers my
        > site. It's not denial of service attacks, but offline downloaders (of course
        > that don't show they're offline downloaders in the useragent so I can't
        > filter them by that). My main issue is my site is PHP so if they hammer it,
        > it gets all the PHP files executing and overwhelms the CPU. I'd like to be
        > able to after a certain amount of hits on my index.php per second, so just
        > refuse.
        >
        > I can't find how to do that. Can it be done in PHP, htaccess, etc.
        >
        > Any ideas?

        Can't be done. You cannot control what other people on the web
        do. You can only control how you react.

        Any measure you take against the dishonest folks, you also take
        against the honest ones. To that end, there are services out
        there who will gladly charge you thousands of dollars to sell
        you service packages for several thousand per month. And some
        of those might even help to track down your abusive user.

        But your best bet is to just make sure you have capacity to
        handle peak loads, and that overloaded systems throttle down
        gracefully.


        • Sanders Kaufman

          #5
          Re: How do I limit my number of PHP hits per second?

          Rik wrote:
          > I'd say this would have to be done on server-level, anything in PHP
          > would still need/eat quite some resources.

          Personally, I do it by primarily serving up static HTML pages,
          instead of PHP. I reserve PHP for active content and such.

          You can still get hammered, but the PHP system isn't going wild.


          • Nu

            #6
            Re: How do I limit my number of PHP hits per second?

            "Sanders Kaufman" <bucky@kaufman.net> wrote in message
            news:yW9wh.23967$yC5.5205@newssvr27.news.prodigy.net...
            > Nu wrote:
            > > I want to protect myself from if someone with a fast connection hammers
            > > my site. It's not denial of service attacks, but offline downloaders (of
            > > course that don't show they're offline downloaders in the useragent so I
            > > can't filter them by that). My main issue is my site is PHP so if they
            > > hammer it, it gets all the PHP files executing and overwhelms the CPU.
            > > I'd like to be able to after a certain amount of hits on my index.php
            > > per second, so just refuse.
            > >
            > > I can't find how to do that. Can it be done in PHP, htaccess, etc.
            > >
            > > Any ideas?
            >
            > Can't be done. You cannot control what other people on the web
            > do. You can only control how you react.
            >
            > Any measure you take against the dishonest folks, you also take
            > against the honest ones. To that end, there are services out
            > there who will gladly charge you thousands of dollars to sell
            > you service packages for several thousand per month. And some
            > of those might even help to track down your abusive user.
            >
            > But your best bet is to just make sure you have capacity to
            > handle peak loads, and that overloaded systems throttle down
            > gracefully.

            Actually, my site goes to index.php and then index.php digs around in other
            PHPs and MySQL. If I stop it right at index.php, I can keep my account from
            overloading the CPU.





            • Nu

              #7
              Re: How do I limit my number of PHP hits per second?

              "P Pulkkinen" <perttu.POISTATAMA.pulkkinen@POISTATAMA.elisanet.fi> wrote in
              message news:2N9wh.1352$wE.1271@reader1.news.saunalahti.fi...
              > "Nu" <no@spam.com> wrote in message:
              > uE9wh.489905$Fi1.59287@bgtnsc05-news.ops.worldnet.att.net...
              > > I want to protect myself from if someone with a fast connection hammers
              > > my site. It's not denial of service attacks, but offline downloaders
              >
              > Even though I have not dealt with this specific issue, I want to help by
              > asking these questions:
              >
              > 1) What info do offline downloaders bring to phpinfo():

              I don't understand that question.




              • P Pulkkinen

                #8
                Re: How do I limit my number of PHP hits per second?

                "Nu" <no@spam.com> wrote in message:
                uE9wh.489905$Fi1.59287@bgtnsc05-news.ops.worldnet.att.net...
                > I want to protect myself from if someone with a fast connection hammers my
                > site. It's not denial of service attacks, but offline downloaders

                Sorry, if I misunderstand or miss something. I understood that you mean
                persons that use some batch to fetch the _output_ of your script, perhaps
                automatically on timely basis. But not _download_ it in sense of ftp/scp.

                1) Can you use $_SERVER["REMOTE_ADDR"] to identify downloaders from each
                other?

                2) Does it really matter if they are online or offline, if the POINT is
                that some people (or machines) execute your index.php or other script
                _too_often_?

                3) How about this scenario:
                You have two database tables:
                DOWNLOADS
                - download_id
                - filepath
                - remote_ip
                - timestamp
                TROUBLEMAKERS
                - remote_ip
                - filepath

                In the END of every script execution you add an entry to downloads table.
                You also check, if that filepath/remote_id-combination has become bad enough
                to be inserted into troublemakers table. You use some mathematics to define
                characteristics of being evil downloader.

                In the BEGINNING of every script, you make a database query to troublemakers
                table and if current filepath/remote_id-combination is there, stop the
                execution immediately.

                Downside here is that mysql traffic increases, even php traffic may
                decrease. If there was a way to check evil filepath/remote_id-combinations in
                apache side, of course troublemakers table could be replaced with
                troublemakers-file as well or a file that would be apache magik with that
                data inside.








                • Sanders Kaufman

                  #9
                  Re: How do I limit my number of PHP hits per second?

                  Nu wrote:
                  > "Sanders Kaufman" <bucky@kaufman.net> wrote in message
                  > > But your best bet is to just make sure you have capacity to
                  > > handle peak loads, and that overloaded systems throttle down
                  > > gracefully.
                  >
                  > Actually, my site goes to index.php and then index.php digs around in other
                  > PHPs and MySQL. If I stop it right at index.php, I can keep my account from
                  > overloading the CPU.

                  In that case - you just have to choose one or more methods among
                  the several (labor-intensive) ones out there.

                  You can exit based on IPs - but they can be spoofed. You can
                  exit based on other headers - but they can be spoofed, too.

                  This is why developers talk so much about "scalability". If
                  your site isn't designed to handle peak loads, and to exit
                  gracefully during overload - all of the other measures won't help.

                  That's usually an OK design flaw behind a firewall, but not out
                  in open water.


                  • Nu

                    #10
                    Re: How do I limit my number of PHP hits per second?

                    "Sanders Kaufman" <bucky@kaufman.net> wrote in message
                    news:ypawh.23974$yC5.18951@newssvr27.news.prodigy.net...
                    > Nu wrote:
                    > > "Sanders Kaufman" <bucky@kaufman.net> wrote in message
                    > > > But your best bet is to just make sure you have capacity to
                    > > > handle peak loads, and that overloaded systems throttle down
                    > > > gracefully.
                    > >
                    > > Actually, my site goes to index.php and then index.php digs around in
                    > > other PHPs and MySQL. If I stop it right at index.php, I can keep my
                    > > account from overloading the CPU.
                    >
                    > In that case - you just have to choose one or more methods among
                    > the several (labor-intensive) ones out there.
                    >
                    > You can exit based on IPs - but they can be spoofed. You can
                    > exit based on other headers - but they can be spoofed, too.
                    >
                    > This is why developers talk so much about "scalability". If
                    > your site isn't designed to handle peak loads, and to exit
                    > gracefully during overload - all of the other measures won't help.
                    >
                    > That's usually an OK design flaw behind a firewall, but not out
                    > in open water.

                    So how do I handle peak loads and exit gracefully during overloads?

                    Basically something like X hits per 10 seconds to index.php sounds simple
                    enough. I can't find out how to do that, though.






                    • Nu

                      #11
                      Re: How do I limit my number of PHP hits per second?

                      I am trying to limit how often index.php gets run. Index.php calls lots of
                      other stuff. I want (even in index.php) to just like if it's run too often
                      per so many seconds, to just stop and that's enough for now. It's not about
                      a complicated IP tracking thing, just a simple thing.


                      "P Pulkkinen" <perttu.POISTATAMA.pulkkinen@POISTATAMA.elisanet.fi> wrote in
                      message news:tcawh.1358$aX.1166@reader1.news.saunalahti.fi...
                      > "Nu" <no@spam.com> wrote in message:
                      > uE9wh.489905$Fi1.59287@bgtnsc05-news.ops.worldnet.att.net...
                      > > I want to protect myself from if someone with a fast connection hammers
                      > > my site. It's not denial of service attacks, but offline downloaders
                      >
                      > Sorry, if I misunderstand or miss something. I understood that you mean
                      > persons that use some batch to fetch the _output_ of your script, perhaps
                      > automatically on timely basis. But not _download_ it in sense of ftp/scp.
                      >
                      > 1) Can you use $_SERVER["REMOTE_ADDR"] to identify downloaders from each
                      > other?
                      >
                      > 2) Does it really matter if they are online or offline, if the POINT is
                      > that some people (or machines) execute your index.php or other script
                      > _too_often_?
                      >
                      > 3) How about this scenario:
                      > You have two database tables:
                      > DOWNLOADS
                      > - download_id
                      > - filepath
                      > - remote_ip
                      > - timestamp
                      > TROUBLEMAKERS
                      > - remote_ip
                      > - filepath
                      >
                      > In the END of every script execution you add an entry to downloads table.
                      > You also check, if that filepath/remote_id-combination has become bad
                      > enough to be inserted into troublemakers table. You use some mathematics
                      > to define characteristics of being evil downloader.
                      >
                      > In the BEGINNING of every script, you make a database query to
                      > troublemakers table and if current filepath/remote_id-combination is
                      > there, stop the execution immediately.
                      >
                      > Downside here is that mysql traffic increases, even php traffic may
                      > decrease. If there was a way to check evil filepath/remote_id-combinations
                      > in apache side, of course troublemakers table could be replaced with
                      > troublemakers-file as well or a file that would be apache magik with that
                      > data inside.


                        • Sanders Kaufman

                          #13
                          Re: How do I limit my number of PHP hits per second?

                          Nu wrote:
                          > "Sanders Kaufman" <bucky@kaufman.net> wrote in message
                          > > That's usually an OK design flaw behind a firewall, but not out
                          > > in open water.
                          >
                          > So how do I handle peak loads and exit gracefully during overloads?
                          >
                          > Basically something like X hits per 10 seconds to index.php sounds simple
                          > enough. I can't find out how to do that, though.

                          Now THAT is a question a coder can answer!!!
                          There are several approaches.

                          I would use a timestamp/hitcount $_SESSION[] variable to track
                          their usage.

                          Then, each session will be aware of how often its client is
                          hitting you - aborting the connection (but not the session!)
                          when they're outside of your desired frequency.

                          Me, personally, I wouldn't abort the connection. I'd put them
                          to sleep. There's a sleep() function in PHP that will let you
                          pause the processing for a period of time. (You might want to
                          build a wrapper around it for your own sleepy purposes.)

                          This will also force bot/agents into throttling down their
                          requests. Since the connection isn't broken, they won't issue a
                          zillion connection requests. They'll just think you've got one
                          seriously bogged down machine.

                          It might even trick them into thinking they DoS'd you - when in
                          fact, you DoS'd them.

                          You can't force people to behave any certain way on the web -
                          but you can trick their software!



                          Rule #1 of dealing with coders - don't ask *them* for the spec.
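
An added example (not code from the thread) of the timestamp/hitcount `$_SESSION` approach described in the post above, stalling over-limit clients with a capped `sleep()`. `WINDOW_SECONDS`, `MAX_HITS`, `MAX_DELAY` and the `throttle` session key are assumed names and values. It assumes the client returns the session cookie; a client that discards cookies gets a new session and a fresh counter on each request.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. The three limits are assumed values.
const WINDOW_SECONDS = 10; // the "X hits per 10 seconds" window
const MAX_HITS       = 5;  // X
const MAX_DELAY      = 3;  // cap on sleep() so a stalled request frees its worker soon

/**
 * Count one hit against the session's timestamp/hitcount pair and return how
 * many seconds to stall the response (0 means the client is within the limit).
 * $state is the array stored in the session; it is passed by reference so the
 * logic can be exercised without a real session.
 */
function throttle_delay(array &$state, int $now): int
{
    if (!isset($state['window_start'], $state['hits'])
        || $now - $state['window_start'] >= WINDOW_SECONDS) {
        $state = ['window_start' => $now, 'hits' => 0]; // start a new window
    }
    $state['hits']++;
    $excess = $state['hits'] - MAX_HITS;
    // Each hit over the limit adds one second of delay, up to MAX_DELAY.
    return $excess > 0 ? min($excess, MAX_DELAY) : 0;
}

if (PHP_SAPI !== 'cli') {
    // Top of index.php, before any includes or MySQL work.
    session_start();
    $state = $_SESSION['throttle'] ?? [];
    $delay = throttle_delay($state, time());
    $_SESSION['throttle'] = $state;
    // Save the counter and release the session lock before sleeping, so the
    // stalled request does not hold the session file.
    session_write_close();
    if ($delay > 0) {
        sleep($delay);
    }
    // ... the rest of index.php runs from here ...
} else {
    // Constructed replay: eight hits in the same second, then one 10 s later.
    $state = [];
    foreach ([1000, 1000, 1000, 1000, 1000, 1000, 1000, 1000, 1010] as $t) {
        $delay = throttle_delay($state, $t);
        printf("t=%d hits=%d delay=%ds\n", $t, $state['hits'], $delay);
    }
}
```

Every stalled request still occupies a PHP worker for the length of the delay, which is why the delay is capped.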


                          • Nu

                            #14
                            Re: How do I limit my number of PHP hits per second?

                            $_SESSION[] is pretty much dependent on cookies, right?

                            "Sanders Kaufman" <bucky@kaufman.net> wrote in message
                            news:Ekbwh.2257$4H1.91@newssvr17.news.prodigy.net...
                            > Nu wrote:
                            > > "Sanders Kaufman" <bucky@kaufman.net> wrote in message
                            > > > That's usually an OK design flaw behind a firewall, but not out
                            > > > in open water.
                            > >
                            > > So how do I handle peak loads and exit gracefully during overloads?
                            > >
                            > > Basically something like X hits per 10 seconds to index.php sounds
                            > > simple enough. I can't find out how to do that, though.
                            >
                            > Now THAT is a question a coder can answer!!!
                            > There are several approaches.
                            >
                            > I would use a timestamp/hitcount $_SESSION[] variable to track
                            > their usage.
                            >
                            > Then, each session will be aware of how often its client is
                            > hitting you - aborting the connection (but not the session!)
                            > when they're outside of your desired frequency.
                            >
                            > Me, personally, I wouldn't abort the connection. I'd put them
                            > to sleep. There's a sleep() function in PHP that will let you
                            > pause the processing for a period of time. (You might want to
                            > build a wrapper around it for your own sleepy purposes.)
                            >
                            > This will also force bot/agents into throttling down their
                            > requests. Since the connection isn't broken, they won't issue a
                            > zillion connection requests. They'll just think you've got one
                            > seriously bogged down machine.
                            >
                            > It might even trick them into thinking they DoS'd you - when in
                            > fact, you DoS'd them.
                            >
                            > You can't force people to behave any certain way on the web -
                            > but you can trick their software!
                            >
                            > Rule #1 of dealing with coders - don't ask *them* for the spec.


                            • Petr Vileta

                              #15
                              Re: How do I limit my number of PHP hits per second?

                              Nu wrote:
                              > I want to protect myself from if someone with a fast connection
                              > hammers my site. It's not denial of service attacks, but offline
                              > downloaders (of course that don't show they're offline downloaders in
                              > the useragent so I can't filter them by that). My main issue is my
                              > site is PHP so if they hammer it, it gets all the PHP files executing
                              > and overwhelms the CPU. I'd like to be able to after a certain amount
                              > of hits on my index.php per second, so just refuse.
                              >
                              > I can't find how to do that. Can it be done in PHP, htaccess, etc.
                              >
                              > Any ideas?

                              You can use a database for it, but it is only a partial solution.
                              Create a MySQL table 'requests' with these fields:
                              remote_addr varchar(20)
                              http_via varchar(100)
                              http_forwarded varchar(100)
                              http_x_forwarded_for varchar(100)
                              x_http_forwarded_for varchar(100)
                              x_forwarded_for varchar(100)
                              nexttime datetime

                              The field names correspond to the uppercase HTTP header fields, except the
                              last field. You cannot get all of these; only remote_addr do you always get.
                              At the beginning of your script you must try to get these fields as
                              $_SERVER["REMOTE_ADDR"], $_SERVER["HTTP_VIA"] etc.
                              Now you must try to find a record in the table where all fields are the same.
                              If you find a record, you must check whether the current time is equal to or
                              greater than the value stored in the nexttime field.
                              If the current time is less than the stored value, you can show some error
                              message or redirect to www.microsoft.com :-)
                              If the current time is equal or greater, you display the requested page.

                              At the end of your script you must
                              1) update the nexttime field (store the current time + some addition, after
                              which the user can access the page again) if you found a record at the
                              beginning of the script

                              2) or create a new record if you did not find a record at the beginning of
                              the script.

                              --

                              Petr Vileta, Czech republic
                              (My server rejects all messages from Yahoo and Hotmail. Send me your mail
                              from another non-spammer site please.)
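
An added example (not code from the thread) of the `requests`/`nexttime` scheme from the post above, with the check and the update done as one atomic statement at the start of the request instead of being split between the beginning and end of the script. Assumptions: `MIN_INTERVAL`, the function names, `nexttime` stored as Unix time, uniform `VARCHAR(100)` columns, and an in-memory SQLite database (needs `pdo_sqlite`) for the constructed replay; the post itself uses MySQL.

```php
<?php
declare(strict_types=1);

// Added example, not code from the thread. The $_SERVER keys are the ones the
// post lists; only REMOTE_ADDR is set by the web server from the connection,
// the others are request headers sent by the client or a proxy.
const CLIENT_FIELDS = ['REMOTE_ADDR', 'HTTP_VIA', 'HTTP_FORWARDED',
    'HTTP_X_FORWARDED_FOR', 'X_HTTP_FORWARDED_FOR', 'X_FORWARDED_FOR'];
const MIN_INTERVAL = 2; // assumed: seconds before the same client may load a page again

function columns(): array
{
    return array_map('strtolower', CLIENT_FIELDS);
}

function create_requests_table(PDO $db): void
{
    // Missing headers are stored as '' (not NULL) so the primary key can
    // detect "all fields are the same".
    $defs = implode(', ', array_map(fn($c) => "$c VARCHAR(100) NOT NULL", columns()));
    $db->exec("CREATE TABLE IF NOT EXISTS requests ($defs, nexttime INTEGER NOT NULL, "
        . 'PRIMARY KEY (' . implode(', ', columns()) . '))');
}

function client_key(array $server): array
{
    $key = [];
    foreach (CLIENT_FIELDS as $field) {
        $key[] = substr((string)($server[$field] ?? ''), 0, 100);
    }
    return $key;
}

/** True if the page may be served; also records when this client may return. */
function allow_request(PDO $db, array $server, int $now): bool
{
    $key   = client_key($server);
    $where = implode(' AND ', array_map(fn($c) => "$c = ?", columns()));

    // Known client whose waiting time has passed: move nexttime forward.
    // The time test and the write are one statement, so two simultaneous
    // requests cannot both pass.
    $update = $db->prepare("UPDATE requests SET nexttime = ? WHERE $where AND nexttime <= ?");
    $update->execute(array_merge([$now + MIN_INTERVAL], $key, [$now]));
    if ($update->rowCount() === 1) {
        return true;
    }
    // Either a new client (the insert succeeds) or a known client that is
    // still inside its waiting time (the primary key rejects the insert).
    try {
        $marks  = implode(', ', array_fill(0, count($key) + 1, '?'));
        $insert = $db->prepare('INSERT INTO requests (' . implode(', ', columns())
            . ", nexttime) VALUES ($marks)");
        $insert->execute(array_merge($key, [$now + MIN_INTERVAL]));
        return true;
    } catch (PDOException $e) {
        if ((string)$e->getCode() === '23000') { // integrity constraint violation
            return false;
        }
        throw $e;
    }
}

if (PHP_SAPI === 'cli') {
    // Constructed replay: same address three times, then the same address
    // with a different X-Forwarded-For header.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    create_requests_table($db);
    $a = ['REMOTE_ADDR' => '192.0.2.10'];
    $b = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'];
    foreach ([[$a, 100], [$a, 101], [$a, 102], [$b, 102]] as [$server, $t]) {
        $verdict = allow_request($db, $server, $t) ? 'serve page' : 'refuse';
        printf("t=%d %-26s %s\n", $t, implode('|', array_filter(client_key($server))), $verdict);
    }
}
// In index.php: if (!allow_request($db, $_SERVER, time())) { http_response_code(429); exit; }
```

Because the record is matched on all six fields, the last replayed request is treated as a new client even though its `REMOTE_ADDR` is unchanged.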

