Because of the recent project suspicion that someone has been maliciously flushed, it is intended to delay his response if anyone is suspected of being flushed. However, the access speed of others should not be affected. As far as I know, php will open a thread for each request. for example, if there are 1000 access requests at the same time, the interface response is slow. I will use 999 of them... because of the recent project suspicion that someone has been maliciously flushed, it is intended to delay his response if anyone is suspected of being flushed. However, the access speed of others should not be affected. As far as I know, php will open a thread for each request. for example, if there are 1000 access requests at the same time, the interface response is slow, I used this delayed response method for 999 of them. is the remaining 1 request faster? Or the same speed?
At present, I only think of the sleep method. I don't know whether it is reliable...
I already have methods to identify users. what I want to know is how to delay this user's request.
A friend mentioned returning an http error code. this is acceptable, but I restrict the way to judge a user, mainly the ip address and his identification code. both of them can be changed at any time, in case of changing the ip address, he knows that he only imposes restrictions on his ip address. then, he only needs to use a dynamic ip address to change his ID at any time, and then he can continue to refresh my interface, the delayed return will be considered as a server being dragged down by him. if he is satisfied
Reply content:
Because of the recent project suspicion that someone has been maliciously flushed, it is intended to delay his response if anyone is suspected of being flushed. However, the access speed of others should not be affected. As far as I know, php will open a thread for each request. for example, if there are 1000 access requests at the same time, the interface response is slow, I used this delayed response method for 999 of them. is the remaining 1 request faster? Or the same speed?
At present, I only think of the sleep method. I don't know whether it is reliable...
I already have methods to identify users. what I want to know is how to delay this user's request.
A friend mentioned returning an http error code. this is acceptable, but I restrict the way to judge a user, mainly the ip address and his identification code. both of them can be changed at any time, in case of changing the ip address, he knows that he only imposes restrictions on his ip address. then, he only needs to use a dynamic ip address to change his ID at any time, and then he can continue to refresh my interface, the delayed return will be considered as a server being dragged down by him. if he is satisfied
Send an HTTP 104 Status Code (the legendary "connection reset ").
$Code = 104;$Text = 'connection reset by peer';http_response_code($Code);$Protocol = (isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1');header($Protocol . ' ' . $Code . ' ' . $Text);
Of course, it can be done by Nginx: send 444 (server timeout response) or 499 (client can't wait to actively close the connection): Judge the IP address andreturn 444;
.
The sleep method is unreliable, and sleep will block the process. after sleep, it will not be able to provide services to other requests. There are so many php processes, and some blocking operations may affect the throughput. how can we sleep.
There is another problem with the delayed return scheme. since it is a malicious brush, he must be able to send multiple requests at the same time, the delayed return cannot fundamentally reduce the number of requests, this causes a server backlog of requests. If you use your own client or webpage, it is difficult to achieve "malicious 』.
There is also a way to delay the return, asynchronous return request, do not block the process anyway.
In summary, it is better to give him the 4xx method upstairs.
Do you know the ip address?
Limit access frequency