Under a CC attack, a website that normally responds in under one second can take more than 20 seconds to respond, or even refuse service altogether. Does that sound terrible? The following describes how a large PHP website can determine whether it is under a CC attack (proxy access). The principle is to reject proxy access. This will also turn away a small number of legitimate visitors, but weighed against keeping the site up for the majority of visitors, that cost is minor.
<?php
// Ban proxies for all clients.
$ipinfo = new IpInfo();
$ipinfo->banProxy(true);
// If the value is false, only super (high) anonymous proxies are blocked.
class IpInfo
{
    // (C) KINPOO
    public $clientIp;
    public $proxy = false;
    public $proxyIp;

    // Constructor (the PHP 4 style IpInfo() method is no longer called in PHP 8).
    public function __construct()
    {
        $this->getIp();
        $this->checkProxy();
    }

    public function banProxy($banAll = true)
    {
        if (!$this->proxy)
        {
            return;
        }
        if ($banAll == true)
        {
            die('forbidden: Proxy connection');
        }
        else
        {
            // Proxy headers are present but no different client address was
            // disclosed: treat the connection as a high anonymous proxy.
            if ($this->clientIp == $this->proxyIp)
            {
                die('forbidden: High Anonymous Proxy connection');
            }
        }
    }

    public function checkProxy()
    {
        // Any of these request headers marks the request as proxied.
        // Note: browsers also send Cache-Control on a page reload, so that
        // check matches some visitors who are not using a proxy.
        if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])
            || isset($_SERVER['HTTP_VIA'])
            || isset($_SERVER['HTTP_PROXY_CONNECTION'])
            || isset($_SERVER['HTTP_USER_AGENT_VIA'])
            || isset($_SERVER['HTTP_CACHE_CONTROL'])
            || isset($_SERVER['HTTP_CACHE_INFO']))
        {
            $this->proxy = true;
            // Keep only the leading run of digits and dots.
            $this->proxyIp = preg_replace('/^([0-9.]+).*/', '\\1', $_SERVER['REMOTE_ADDR']);
            return $this->proxy;
        }
    }

    public function getIp()
    {
        if (isset($_SERVER['HTTP_CLIENT_IP']) && $_SERVER['HTTP_CLIENT_IP'])
        {
            $ip = $_SERVER['HTTP_CLIENT_IP'];
        }
        elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR']) && $_SERVER['HTTP_X_FORWARDED_FOR'])
        {
            $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
        }
        else
        {
            $ip = $_SERVER['REMOTE_ADDR'];
        }
        $this->clientIp = preg_replace('/^([0-9.]+).*/', '\\1', $ip);
        return $this->clientIp;
    }
}
?>
You can add this check to a location that every user will visit. Once it determines that the website is being accessed through a proxy server, "Proxies Forbidden" is output; if a high anonymous proxy server is in use, "Forbidden: High Anonymous Proxy Connection" is displayed. Of course, you can also add it to the sidebar or footer to prevent the problem.
Of course, you can also use the following code to find the source IP address and then block it in .htaccess.
<?php
// Note: X-Forwarded-For and Client-IP are request headers filled in by the
// client or an intermediate proxy; only REMOTE_ADDR is the TCP peer address.
function getIP()
{
    static $realip;
    if (isset($_SERVER)) {
        if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
            $realip = $_SERVER["HTTP_X_FORWARDED_FOR"];
        } else if (isset($_SERVER["HTTP_CLIENT_IP"])) {
            $realip = $_SERVER["HTTP_CLIENT_IP"];
        } else {
            $realip = $_SERVER["REMOTE_ADDR"];
        }
    } else {
        // Fall back to environment variables when $_SERVER is unavailable.
        if (getenv("HTTP_X_FORWARDED_FOR")) {
            $realip = getenv("HTTP_X_FORWARDED_FOR");
        } else if (getenv("HTTP_CLIENT_IP")) {
            $realip = getenv("HTTP_CLIENT_IP");
        } else {
            $realip = getenv("REMOTE_ADDR");
        }
    }
    return $realip;
}
?>
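The getIP() function above prefers X-Forwarded-For and Client-IP, which the client fills in itself, so an address taken from them and written to a block list may not be the real source. As an added example (not the article's code), this variant honours the header only when the request arrives from a reverse proxy you run yourself; the function name, the `$trustedProxies` list and all sample addresses are assumptions made for the illustration.

```php
<?php
// Added example, not the article's code. Addresses are constructed; 10.0.0.5
// stands in for a reverse proxy you operate yourself (an assumption).

/**
 * Return the address to log or block, or null if none can be established.
 * X-Forwarded-For is used only when the TCP peer (REMOTE_ADDR) is one of our
 * own proxies; from any other peer the header is client-supplied and ignored.
 */
function ipForBlocking(array $server, array $trustedProxies): ?string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    if (!in_array($peer, $trustedProxies, true)) {
        return $peer; // direct connection: ignore the header entirely
    }
    // Each proxy appends the peer it saw, so read the chain right to left and
    // take the first hop that is a valid IP and not one of our own proxies.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            return null; // malformed chain: never block our own proxy instead
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return null;
}

$trustedProxies = ['10.0.0.5'];
$requests = [ // constructed sample requests
    'direct, forged header' => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '198.51.100.1'],
    'via our proxy'         => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '198.51.100.7'],
    'forged first hop'      => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1, 198.51.100.7'],
    'malformed header'      => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => 'not-an-ip'],
];
foreach ($requests as $label => $server) {
    printf("%-22s -> %s\n", $label, ipForBlocking($server, $trustedProxies) ?? 'none');
}
```

Only addresses returned by this function should be written to a deny rule; a null result means the request carries no address that is safe to block.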
Of course, the code here is mainly meant to fend off CC attacks. If you want to ensure high security, you need not only robust code-level protection but also powerful hosting behind it.
I would like to remind you that when a CC attack really does hit a site on a virtual host, it can be said that it cannot be blocked at all. The only solution is to temporarily put up a static page as the website's entry page.