Title: How to prevent others from using test software such as AB to maliciously request your own site
Reply content:
nginx
You can use HttpLimitReqModule.
This module can limit a client's access frequency over a certain period of time based on a specific client identifier (such as IP, UA, etc.), which saves far more resources than doing the control in your program.
If it has to be prevented at the code level, the only option is to limit the number of times an IP accesses the site over a period of time.
You can record the time and number of visits in the session and then compare them with your own access limit; requests that exceed the limit are considered malicious. Return 404 to them.
At present, such software can simulate browser requests very realistically, so with a small number of requests, it is basically blocked.
However, people who use such software to request your site usually have other purposes, which results in a large number of duplicate requests.
This can be controlled by the number of requests per unit of time: abnormal requests generated by the same IP or the same User-Agent can be identified by the program and prohibited.
However, even when the program makes this judgment, the request has already entered the processing phase and will still affect performance, so this should be combined with other measures: repeated responses are best served from a cache to avoid excessive CPU consumption, and an IP diagnosed as a problem should be blocked on the firewall side.
Are you talking about me? Ha ha
The IP can be blocked: if an IP sends requests too frequently within a unit of time, they are simply not processed.
It seems that a lot of small companies have not done this kind of handling, so one stress test basically takes them down.
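Added example, not part of any reply above: a sketch of the code-level check the replies describe, counting requests per IP and per User-Agent in a sliding time window, answering 404 once a limit is exceeded, and collecting offending IPs for a firewall-side block. The names `RequestLimiter` and `replay`, the thresholds, and the sample requests are assumptions made up for illustration.

```python
import time
from collections import deque

class RequestLimiter:
    """Sliding-window request counter keyed by client IP and by User-Agent."""

    def __init__(self, max_per_ip=20, max_per_ua=200, window=10.0, clock=time.monotonic):
        self.limits = {"ip": max_per_ip, "ua": max_per_ua}
        self.window = window          # seconds
        self.clock = clock            # injectable so the replay below is deterministic
        self.hits = {}                # (kind, value) -> recent timestamps
        self.flagged_ips = set()      # candidates for a firewall-side block

    def _over_limit(self, kind, value, now):
        limit = self.limits[kind]
        # maxlen bounds memory per key: only the newest limit+1 hits matter.
        q = self.hits.setdefault((kind, value), deque(maxlen=limit + 1))
        while q and now - q[0] >= self.window:
            q.popleft()               # hit has left the window
        q.append(now)
        return len(q) > limit

    def check(self, ip, user_agent):
        """Return 200 to keep processing, 404 once either limit is exceeded."""
        now = self.clock()
        ip_over = self._over_limit("ip", ip, now)
        # Truncate the header: it is client-controlled and used as a dict key.
        ua_over = self._over_limit("ua", user_agent[:128], now)
        if ip_over:
            self.flagged_ips.add(ip)
        return 404 if ip_over or ua_over else 200

def replay(requests, **limits):
    """Feed constructed (timestamp, ip, user_agent) tuples through a limiter."""
    now = [0.0]
    limiter = RequestLimiter(clock=lambda: now[0], **limits)
    statuses = []
    for ts, ip, ua in sorted(requests):
        now[0] = ts
        statuses.append(limiter.check(ip, ua))
    return statuses, limiter.flagged_ips

# Constructed sample: a burst from one address plus one ordinary visitor.
SAMPLE = [(0.5 * i, "203.0.113.7", "ApacheBench/2.3") for i in range(6)]
SAMPLE += [(1.25, "198.51.100.4", "Mozilla/5.0"), (20.0, "203.0.113.7", "ApacheBench/2.3")]

if __name__ == "__main__":
    print(replay(SAMPLE, max_per_ip=3, max_per_ua=100, window=10.0))
```

The counters live in one process's memory; with several workers they would need a shared store with key expiry.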