Peter Frlicka wrote:

> Hello.
> What does apache + php do if the user refreshes a page 10 times in a while
> before the scripts finishes? do all 10 .php scripts finish or do the first
> 9 get aborted? how can i solve the problem that when someone clicks a lot
> on a link (always the same link) the server gets overloaded (because the
> action taken in the script is somehow memory consuming). i need to ensure
> a user (www) can run only one instance of a .php script.

Depends a great deal on the version of the browser/server/PHP you are 
running.  If all goes well, PHP aborts when the user HTTP connection is 
closed which happens when Apache realizes the browser isn't listening any 
more, which happens when Apache tries to send some PHP data to the browser.

Thus, in general, try sending out a "." and calling 
periodically so that the HTTP connection has some traffic to detect the 
failure of the connection so the lack of a connection will get detected by 
Apache and then PHP gets informed about it.

If you are worried about somebody attacking your site this way, though, the 
root problem is not solvable within PHP.  At a certain point, the reload 
attack won't even *REACH* the PHP stage, and they'll just be pounding on 
HTTP connections to Apache.

If you want to solve this problem the "right" way, you need to look into 
"Denial Of Service" attack defenses.  Be warned:  At a certain level, there 
is almost *NOTHING* you can do to defend against a bandwidth-filling DOS 
attack.  Your upstream bandwidth provider (ISP) has to filter out the 
traffic and track it back to the sender and get them (or their ISP, 
actually) to block it.  Packets are packets, and systematically and 
surgically blocking only the ones you don't at the right choke-point to 
keep your bandwidth useful is non-trivial.

Steve (?) Gibson has a rather amusing (in a tabloid sort of way) article 
about this at  NOTE:  This guys is generally the laughingstock of 
the security experts for his media-whore tactics.

Like music?

PHP General Mailing List (
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Reply via email to