Re: [PHP] is $HTTP_REFERER worth trusting?

2002-05-16 Thread Dan Hardiker
> Then, it is not safe to do IP-based blocking, right? Any alternative?

As I mentioned in an earlier post (my original reply to you):

> If I can't trust $HTTP_REFERER, how can I deny a malicious attack like
> that?

The best way is authentication... that is asking the user for a username and passw

Re: [PHP] is $HTTP_REFERER worth trusting?

2002-05-16 Thread Patrick Hsieh
Hello "Dan Hardiker" <[EMAIL PROTECTED]>,

Then, it is not safe to do IP-based blocking, right? Any alternative?

On Thu, 16 May 2002 10:10:44 +0100 (BST) "Dan Hardiker" <[EMAIL PROTECTED]> wrote:
> > Craig Vincent wrote:
> > The best thing you can do is temporarily record the
> > IPs of connect

RE: [PHP] is $HTTP_REFERER worth trusting?

2002-05-16 Thread Dan Hardiker
> Craig Vincent wrote:
> The best thing you can do is temporarily record the
> IPs of connections to your script, and then block IPs that connect to
> the script too often directly from your routing table. It doesn't
> necessarily stop those using proxies but definitely is more reliable
> than an

Re: [PHP] is $HTTP_REFERER worth trusting?

2002-05-16 Thread Dan Hardiker
> Is it possible for a hacker to make an identical $HTTP_REFERER
> in the header? I have no idea how $HTTP_REFERER is made, is it made
> from the http client and put in the http header?

That's exactly how it's done. The user agent (browser) takes the URL it was on when a link was clicked / form subm

RE: [PHP] is $HTTP_REFERER worth trusting?

2002-05-16 Thread Craig Vincent
> I have a php program which executes a heavy mysql query upon request.
> Normally, it should not be requested too often, but I am afraid of a
> malicious user trying to massively call this program. I am considering
> using $HTTP_REFERER to restrict the connection source, but is it worth
> trusting?

[PHP] is $HTTP_REFERER worth trusting?

2002-05-16 Thread Patrick Hsieh
Hello list,

I have a php program which executes a heavy mysql query upon request. Normally, it should not be requested too often, but I am afraid of a malicious user trying to massively call this program. I am considering using $HTTP_REFERER to restrict the connection source, but is it worth trustin