On Mon, Jan 2, 2012 at 10:33 PM, Trenatos <[email protected]> wrote:
> I can just keep it in memory, since I'm only aiming at protecting the
> ad deletion page, I'm expecting quite low traffic to that page.
>
Couple of really simple possibilities. If you just have a page-oriented
architecture (meaning the ad deletion page you mention is self-contained),
you could just put a check at the top of that page:

    <cfif !StructKeyExists(application, "ipCheck")>
        <cfset application.ipCheck = [] />
    </cfif>

    <cfset ipInList = false />

    <cfloop index="i" from="1" to="#ArrayLen(application.ipCheck)#">
        <cfif application.ipCheck[i].ip == CGI.REMOTE_ADDR>
            <cfset ipInList = true />
            <!--- whatever logic you want here to check to see if they should be blocked;
                  I'm using a hit within the last 10 seconds as the criteria --->
            <cfif DateDiff('s', application.ipCheck[i].lasthit, Now()) lte 10>
                BANNED!
                <cfabort />
            <!--- ip is in the list but hasn't hit in last 10 seconds --->
            <cfelse>
                <cfset application.ipCheck[i] = {ip:CGI.REMOTE_ADDR, lasthit:Now()} />
                <cfbreak />
            </cfif>
        </cfif>
    </cfloop>

    <!--- if ipInList is still false, add it to the list --->
    <cfif !ipInList>
        <cfset ArrayAppend(application.ipCheck, {ip:CGI.REMOTE_ADDR, lasthit:Now()}) />
    </cfif>

    You pass!
    <cfdump var="#application.ipCheck#" />

Major caveat--this will get very slow with a high traffic page, and you'll
probably want to wipe out application.ipCheck every so often to keep it
from getting extremely large. But if it's a low traffic page this would
work, or at least it gives us some concrete code to discuss and pick apart.

And of course you can stick this in Application.cfc in onRequestStart and
check to see if the page someone's hitting is one you want to implement the
IP check on, as opposed to putting this code on the page itself.

You could also store this information in a database, but that will be slower
than having it in RAM, with the trade-off being that for a large dataset having
things in a database would be more RAM-friendly and more flexible, e.g. in
this example I'm having to loop over an array to check to see if the IP
exists, whereas with a database you could query directly, and of course you
can create query objects yourself on the fly, store that in memory, and
query the query object, so that's another option.

Anyway, food for thought if nothing else.
--
Matthew Woodward
[email protected]
http://blog.mattwoodward.com
identi.ca / Twitter: @mpwoodward
Please do not send me proprietary file formats such as Word, PowerPoint,
etc. as attachments.
http://www.gnu.org/philosophy/no-word-attachments.html
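
The Application.cfc / onRequestStart variant mentioned in the message above, as an added example that is not part of the original post. It keys a struct by IP so the lookup needs no array loop, prunes expired entries so application.ipCheck stays small, and wraps the shared data in a named lock. The application name, the page name deleteAd.cfm and the lock name are assumptions.

```cfml
<cfcomponent output="false">
    <cfset this.name = "adSite" /> <!--- assumed application name --->

    <cffunction name="onApplicationStart" returntype="boolean" output="false">
        <!--- struct keyed by IP address; value is the time of the last allowed hit --->
        <cfset application.ipCheck = {} />
        <cfreturn true />
    </cffunction>

    <cffunction name="onRequestStart" returntype="boolean" output="true">
        <cfargument name="targetPage" type="string" required="true" />
        <cfset var ip = CGI.REMOTE_ADDR /> <!--- behind a proxy this is the proxy's address --->
        <cfset var windowSecs = 10 />      <!--- same 10 second criterion as the message --->
        <cfset var blocked = false />
        <cfset var key = "" />

        <!--- only guard the ad deletion page (file name is an assumption) --->
        <cfif ListLast(arguments.targetPage, "/") neq "deleteAd.cfm">
            <cfreturn true />
        </cfif>

        <!--- application scope is shared by all requests, so serialize access --->
        <cflock name="ipCheckLock" type="exclusive" timeout="5">
            <!--- prune entries older than the window; this bounds the struct to
                  the IPs seen in the last windowSecs seconds --->
            <cfloop list="#StructKeyList(application.ipCheck)#" index="key">
                <cfif DateDiff("s", application.ipCheck[key], Now()) gt windowSecs>
                    <cfset StructDelete(application.ipCheck, key) />
                </cfif>
            </cfloop>

            <!--- anything still present hit within the window --->
            <cfset blocked = StructKeyExists(application.ipCheck, ip) />
            <cfif not blocked>
                <cfset application.ipCheck[ip] = Now() />
            </cfif>
        </cflock>

        <cfif blocked>
            <cfheader statuscode="429" statustext="Too Many Requests" />
            BANNED!
            <cfabort />
        </cfif>
        <cfreturn true />
    </cffunction>
</cfcomponent>
```
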