Simple defense against multiple malicious server submissions
Background: Machines that continuously send requests or make malicious submissions put a lot of pressure on the server. The best strategy against this attack is to count submissions and show a dynamic verification code, that is, the verification code is displayed once the same ip address has submitted N times within a specified window. The following is a simple process for identifying ip addresses, recording them in the session and defending against repeated submissions.
Identify and verify ip addresses
The process is as follows:
1. Recognize the client's ip address.
2. If the ip address is on the whitelist, let it through (whitelist policy: intranet ip addresses + a specified ip address table).
3. Use the session to store the request timestamps for that ip address.
4. Count the requests from the ip address within the specified time windows.
5. Take the appropriate measure.
/**
 * Obtain and verify the ip address, and prevent multiple submissions in a short time.
 *
 * @notice  To display a verification code instead of a message, replace `echo $echo_str`.
 * @return  string  the verified ip address
 */
protected function getAndCheckIP()
{
    // obtain the environment ip address
    if (getenv("HTTP_CLIENT_IP") && strcasecmp(getenv("HTTP_CLIENT_IP"), "unknown")) {
        $ip = getenv("HTTP_CLIENT_IP");
    } elseif (getenv("HTTP_X_FORWARDED_FOR") && strcasecmp(getenv("HTTP_X_FORWARDED_FOR"), "unknown")) {
        $ip = getenv("HTTP_X_FORWARDED_FOR");
    } elseif (getenv("REMOTE_ADDR") && strcasecmp(getenv("REMOTE_ADDR"), "unknown")) {
        $ip = getenv("REMOTE_ADDR");
    } elseif (isset($_SERVER['REMOTE_ADDR']) && $_SERVER['REMOTE_ADDR'] && strcasecmp($_SERVER['REMOTE_ADDR'], "unknown")) {
        $ip = $_SERVER['REMOTE_ADDR'];
    } else {
        $ip = "unknown";
    }

    // check the environment ip
    if (!$this->isWhiteList($ip)) {
        $echo_str = "Too frequent submission. Please try again later!";

        // construct the ip time stack data
        if (!isset($_SESSION[$ip]) || !is_array($_SESSION[$ip])) {
            $_SESSION[$ip] = array();
        }

        if (isset($_SESSION[$ip][0])) {
            $_SESSION[$ip][] = time();

            // the stack is kept for 6 hours; after that, start over with only the current request
            $post_interval_first = time() - $_SESSION[$ip][0];
            if ($post_interval_first > 21600) {
                $_SESSION[$ip] = array(time());
            }
            // index $count - 1 is the current request, $count - 2 the previous one, and so on
            $count = count($_SESSION[$ip]);

            // two submissions less than 1 s apart are not allowed
            if ($count >= 2) {
                $post_interval_pre = time() - $_SESSION[$ip][$count - 2];
                if ($post_interval_pre < 1) {
                    echo $echo_str;
                    exit;
                }
            }

            // at most 3 submissions within 10 seconds: the 4th is refused
            if ($count >= 4) {
                $post_interval_third = time() - $_SESSION[$ip][$count - 4];
                if ($post_interval_third < 10) {
                    echo $echo_str;
                    exit;
                }
            }

            // at most 5 submissions within 1 minute: the 6th is refused
            if ($count >= 6) {
                $post_interval_fifth = time() - $_SESSION[$ip][$count - 6];
                if ($post_interval_fifth < 60) {
                    echo $echo_str;
                    exit;
                }
            }

            // at most 10 submissions within 6 hours: the 11th is refused
            if (isset($_SESSION[$ip][10])) {
                echo $echo_str;
                exit;
            }
        } else {
            // first request from this ip in the current session
            $_SESSION[$ip][] = time();
        }
    }
    return $ip;
}
Whitelist Policy
Whitelist policy: allow intranet ip addresses and allow specific listed ip addresses.
/**
 * Check whether the ip address is on the white list.
 *
 * @param  string $ip  the ip address to verify
 * @return bool        verification result
 */
function isWhiteList($ip)
{
    // a string that is not a valid address at all (for example "unknown") is never whitelisted
    if (!filter_var($ip, FILTER_VALIDATE_IP)) {
        return false;
    }
    // all intranet (private or reserved range) ip addresses are on the white list by default
    if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
        return true;
    }
    // otherwise only the explicitly listed addresses
    return in_array($ip, $this->_WHITE_LIST, true);
}
Attack Protection Policy
The simple strategy adopted by Xiao Yan in the code above can be adjusted to business needs in practice:
- Repeated submission is prohibited within 1 s
- Up to 3 submissions within 5 s
- Up to 10 submissions within 6 hours
- Up to 5 submissions within 60 s