Simple defense against multiple malicious server submissions

This article describes a simple way to defend a PHP application against repeated, malicious form submissions from automated clients.

Background: machines that keep sending or maliciously resubmitting requests put a lot of pressure on a server. The best strategy is to count the submissions and, once the count is too high, show a dynamic verification code (captcha); in other words, check whether the same IP address has sent N requests within a given time window. The following is a simple procedure for identifying the client IP address, recording its requests in the session, and blocking it when it exceeds the limits. Two caveats apply to this approach: the session only exists if the client sends its session cookie back, so a bot that discards cookies gets a fresh, empty counter on every request (a server-side store keyed by IP, such as APCu or Redis, does not have this weakness), and the counter is only as trustworthy as the IP address it is keyed on: request headers such as X-Forwarded-For and Client-IP are set by the client and must not be trusted unless a proxy you control overwrites them.

Identify and verify the IP address

The process is as follows:

  • Determine the client IP address

  • If the IP address is on the whitelist, let it through [whitelist policy: intranet IP addresses + a table of specified IP addresses]

  • Store the request timestamps for the IP address in the session

  • Count the requests from the IP address within each time window

  • Take the appropriate action (block the request, or show a verification code)

```php
/**
 * Obtain and verify the client IP address, and block repeated submissions
 * within a short time.
 *
 * @notice  When a limit is hit the message in $echo_str is printed and the
 *          script exits; replace that echo with a verification code (captcha)
 *          or an error page as needed.
 * @return  string  The IP address that was checked
 */
protected function getAndCheckIP()
{
    // Obtain the client IP from the environment.
    // HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers that any
    // client can set, so an attacker can choose the address that gets rate
    // limited (or whitelisted). Only consult them behind a proxy you control
    // that overwrites them; otherwise use REMOTE_ADDR alone.
    if (getenv('HTTP_CLIENT_IP') && strcasecmp(getenv('HTTP_CLIENT_IP'), 'unknown')) {
        $ip = getenv('HTTP_CLIENT_IP');
    } elseif (getenv('HTTP_X_FORWARDED_FOR') && strcasecmp(getenv('HTTP_X_FORWARDED_FOR'), 'unknown')) {
        $ip = getenv('HTTP_X_FORWARDED_FOR');
    } elseif (getenv('REMOTE_ADDR') && strcasecmp(getenv('REMOTE_ADDR'), 'unknown')) {
        $ip = getenv('REMOTE_ADDR');
    } elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], 'unknown')) {
        $ip = $_SERVER['REMOTE_ADDR'];
    } else {
        $ip = 'unknown';
    }

    // Whitelisted addresses are never throttled
    if (!$this->isWhiteList($ip)) {
        $echo_str = 'Too frequent submission. Please try again later!';
        $now = time();

        // Build the per-IP timestamp stack in the session
        if (!isset($_SESSION[$ip]) || !is_array($_SESSION[$ip])) {
            $_SESSION[$ip] = array();
        }

        if (isset($_SESSION[$ip][0])) {
            // The stack is kept for 6 hours; after that, clear it
            if ($now - $_SESSION[$ip][0] > 21600) {
                $_SESSION[$ip] = array();
            }
            $_SESSION[$ip][] = $now;
            $count = count($_SESSION[$ip]);

            // Two submissions less than 1 s apart are not allowed
            if ($count >= 2 && $now - $_SESSION[$ip][$count - 2] < 1) {
                echo $echo_str;
                exit;
            }
            // At most 3 submissions within 10 s: the 4th is blocked
            if ($count >= 4 && $now - $_SESSION[$ip][$count - 4] < 10) {
                echo $echo_str;
                exit;
            }
            // At most 5 submissions within 1 minute: the 6th is blocked
            if ($count >= 6 && $now - $_SESSION[$ip][$count - 6] < 60) {
                echo $echo_str;
                exit;
            }
            // At most 10 submissions within 6 hours: the 11th is blocked
            if ($count > 10) {
                echo $echo_str;
                exit;
            }
        } else {
            $_SESSION[$ip][] = $now;
        }
    }
    return $ip;
}
```

Whitelist policy

Whitelist policy: intranet IP addresses and specific listed IP addresses are allowed through without throttling. Note that an address is whitelisted only if it is a valid IP address; the "unknown" fallback from the previous step must not pass.

```php
/**
 * Check whether the IP address is on the whitelist.
 *
 * @param  string $ip  The IP address to check
 * @return bool        true if the address is whitelisted
 */
function isWhiteList($ip)
{
    // Anything that is not a valid IP address (for example the "unknown"
    // fallback) is never whitelisted. Without this check an invalid string
    // would fall through the private-range test below and be let through.
    if (!filter_var($ip, FILTER_VALIDATE_IP)) {
        return false;
    }
    // All intranet (private and reserved range) addresses are whitelisted by default
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
        return true;
    }
    // Otherwise only addresses in the explicit whitelist table
    return in_array($ip, $this->_WHITE_LIST, true);
}
```

Attack Protection Policy

The simple strategy adopted by Xiao Yan is the one in the code above; in practice, combine it with your business requirements.

  • Repeated submission is prohibited within 1 s

  • Up to 3 submissions within 10 s

  • Up to 5 submissions within 60 s

  • Up to 10 submissions within 6 hours
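The following is an added example, not the article's code, that implements the same four limits as a sliding window while fixing the two weaknesses noted earlier: the client address is taken from REMOTE_ADDR and X-Forwarded-For is only honoured when the TCP peer is a proxy we control, and the timestamps live in a server-side store keyed by IP instead of in the visitor's session. The store is a plain array here (in production back it with APCu or Redis); the trusted proxy address 10.0.0.5, the limit table SUBMIT_LIMITS and the sample requests are all constructed for this example.

```php
<?php
// Added example (not the article's code): per-IP sliding-window limiter.
// Limits: window in seconds => maximum submissions allowed in that window
const SUBMIT_LIMITS = array(1 => 1, 10 => 3, 60 => 5, 21600 => 10);

// Reverse proxies whose X-Forwarded-For we trust (assumption: one proxy at 10.0.0.5)
const TRUSTED_PROXIES = array('10.0.0.5');

/**
 * Derive the client IP from a $_SERVER-like array.
 * X-Forwarded-For is only consulted when the TCP peer is a trusted proxy, and
 * then only its last element (the address the proxy itself saw); earlier
 * elements are attacker-controlled. Returns null when no valid IP is found.
 */
function clientIp(array $server)
{
    $peer = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    if (!filter_var($peer, FILTER_VALIDATE_IP)) {
        return null;
    }
    if (in_array($peer, TRUSTED_PROXIES, true) && !empty($server['HTTP_X_FORWARDED_FOR'])) {
        $parts = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        $candidate = end($parts);
        // A malformed header from our own proxy: fail closed rather than guess
        return filter_var($candidate, FILTER_VALIDATE_IP) ? $candidate : null;
    }
    return $peer;
}

/**
 * Decide whether a submission from $ip at time $now is allowed, and record it
 * if so. $store maps ip => list of timestamps and is passed by reference so
 * the caller can persist it (APCu/Redis) between requests. Denied attempts
 * are not recorded, so a blocked client is not locked out for longer by retrying.
 */
function checkSubmission(array &$store, $ip, $now)
{
    if ($ip === null) {
        return false; // no usable address: deny
    }
    if (!isset($store[$ip])) {
        $store[$ip] = array();
    }
    // Forget timestamps older than the longest window
    $maxWindow = max(array_keys(SUBMIT_LIMITS));
    $store[$ip] = array_values(array_filter($store[$ip], function ($t) use ($now, $maxWindow) {
        return $now - $t < $maxWindow;
    }));
    foreach (SUBMIT_LIMITS as $window => $max) {
        $inWindow = 0;
        foreach ($store[$ip] as $t) {
            if ($now - $t < $window) {
                $inWindow++;
            }
        }
        if ($inWindow >= $max) {
            return false; // this submission would exceed the limit for this window
        }
    }
    $store[$ip][] = $now;
    return true;
}

// Constructed sample requests.
// 1) A client connecting directly while spoofing X-Forwarded-For to an intranet address
$direct = array('REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1');
// 2) The same client arriving through our trusted proxy, which appended its peer address
$viaProxy = array('REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 203.0.113.7');

echo 'direct: ', clientIp($direct), PHP_EOL;      // 203.0.113.7 (spoofed header ignored)
echo 'via proxy: ', clientIp($viaProxy), PHP_EOL; // 203.0.113.7 (last element of XFF)

// Four submissions 2 s apart from the direct client: the first three pass,
// the fourth is denied because three already fall within the 10 s window.
$store = array();
$ip = clientIp($direct);
$results = array();
for ($i = 0; $i < 4; $i++) {
    $results[] = checkSubmission($store, $ip, 1000 + 2 * $i) ? 'ok' : 'denied';
}
echo implode(' ', $results), PHP_EOL; // ok ok ok denied
```

Run it with `php limiter.php`. Because the timestamps are keyed by the derived address rather than stored in the visitor's session, a bot that drops its cookie still hits the same counter, and a client that sends a forged X-Forwarded-For without passing through the trusted proxy is limited (and whitelisted) under its real address.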

[When reprinting, please credit: Simple defense against repeated malicious submissions by machines | Cui Xiaoyan]

The above describes a simple defense against repeated malicious submissions by machines; I hope it helps those interested in PHP.
