shinve — 2012-01-15T04:59:35-05:00 — #1
I have a page that uses the content of an index in the $_GET array to launch a MySQL query. The query is secure (I hope so at least - it's escaped) but I am worried that this page is potentially a vulnerability on my site because of the ability to make database queries so fast. Are there any suggestions as to how I might prevent abuse? I was thinking of limiting to 100 queries per minute per IP, but this method would add a lot of extra database baggage. I could check referrers, but this is easily spoofed. The goal here is to stop mini DDOS attacks on this $_GET interpreter script.
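An added example (not code from the thread) of the per-IP limit described above, done without touching the database: the counter lives in APCu shared memory and expires on its own, and the index is validated by shape before it reaches a prepared statement. It assumes the APCu and PDO extensions, a single web host, and a hypothetical `items` table with an integer `id`.

```php
<?php
// Added example, not from the original thread.
// Per-IP fixed-window limiter: 100 requests per 60 s, counted in APCu
// (assumed installed) so each check costs no database round-trip.

const RATE_LIMIT = 100;   // requests allowed per window
const WINDOW_SECS = 60;

function client_ip(): string {
    // Use REMOTE_ADDR only; X-Forwarded-For is attacker-controlled unless a
    // trusted reverse proxy overwrites it.
    return $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
}

function rate_limited(string $ip): bool {
    // One key per IP per window; old windows simply age out via the TTL.
    $key = 'rl:' . $ip . ':' . intdiv(time(), WINDOW_SECS);
    apcu_add($key, 0, WINDOW_SECS * 2);   // creates the key only if absent
    $count = apcu_inc($key);              // atomic increment, returns int or false
    return $count !== false && $count > RATE_LIMIT;
}

if (rate_limited(client_ip())) {
    http_response_code(429);
    header('Retry-After: ' . WINDOW_SECS);
    exit('Too many requests');
}

// Whitelist the index by shape (a positive integer) rather than escaping it.
$index = filter_input(INPUT_GET, 'index', FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
if ($index === false || $index === null) {
    http_response_code(400);
    exit('Bad request');
}

// Hypothetical connection details and table; real prepared statements keep
// the value and the SQL separate regardless of escaping.
$pdo = new PDO('mysql:host=localhost;dbname=example', 'user', 'pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);
$stmt = $pdo->prepare('SELECT title FROM items WHERE id = :id');
$stmt->execute([':id' => $index]);
echo json_encode($stmt->fetchAll(PDO::FETCH_ASSOC));
```

A fixed window lets a client spend up to twice the limit across a window boundary, which is acceptable for abuse throttling but not a precise quota. The counter is per PHP host, so behind a load balancer the same logic belongs at the edge (firewall or mod_security) or in a shared store.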
anthonysterling — 2012-01-15T05:09:52-05:00 — #2
You shouldn't really be implementing this sort of protection within the application; your infrastructure should be configured to protect you against this. Try looking at configuring your firewall, or possibly Apache's mod_security module, if Apache is your chosen HTTP server.
shinve — 2012-01-15T19:08:02-05:00 — #3
That's interesting. I really don't think a lot outside the PHP box often, since I have little experience with Apache other than mod_rewrite. I'll check out mod_security. Do you have any general ideas about how to go about this? For example, does Apache have built-in protection that I might set? Just looking for something to aim for while researching.
jgetner — 2012-01-15T19:23:58-05:00 — #4
Well, there is no absolute best, but for extra added security you can build a blacklist of control commands, then just loop through them for validation.