On 11/16/2003 04:32 PM, Andre Dubuc wrote:
Sometimes I have that problem because some users of my site think they can use site sucking programs to get all its content.
What was done is to have a script monitoring the Web server logs and if the same user of the same IP makes an excessive amount of accesses in a short period, add it to the list of denied addresses for a while. This way, the Web server will not even spare resources for abusing users.
Since you use .haccess based permissions, you can just update that file regularly.
I do not have that script quite ready for release now, but if there is interest, I can release it later as a part of this class that already provides log watching services:
http://www.phpclasses.org/logwatcher
Thanks Manuel,
Actually I like your idea -- it is much better. However, I do not use .htaccess permissions -- When I tried uploading the .htaccess file into the docroot area of my site, and it froze the works!
Basically the idea of using the webaccess log file - searching for repetitive usage over a defined period of time (in my case it was every second!) -- sounds good. Now, I just have to determine whether I can use .htaccess with my IP -- they have very restrictive rules.
The advantage of .htaccess is that it is evaluated on each access. So, if you need to block certain IP addresses, you just update .htacess of the respective directory. That can be done by the user that owns the directory. Otherwise you may need to update the Web server configuration files and restart the Web server. For that you need root access.
--
Regards, Manuel Lemos
Free ready to use OOP components written in PHP http://www.phpclasses.org/
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
