
Limit HTTP POST request data size (DoS Attack)

bilibytes
Hi everyone,

I have new questions for tonight.

I would like to know the best ways to prevent Denial of Service attacks.
Well, my question is a bit more precise than that.

I can see three vectors for implementing a DoS attack (an attacker will certainly use a combination of the 3...). Here they are:

1. Iteration: using a program that will repeatedly make requests with GET/POST.
2. Weight: Send heavy amounts of data to a form.
3. Replication: Have a bot army and flood a server with requests. (using 1. & 2.)

Well, my understanding of DoS is, as you see, quite limited. But I have tried to spot these vectors to somehow better protect my website.

I'm particularly interested in point 2.

I have a login form that processes the data each time a user tries to log in.
The problem is that the user can send a huge amount of data, and then (as I use some regex), the server will respond very slowly because it will have to process a lot of data.

I think I can't do much to limit the number of characters a user can send from the form, because it can always be spoofed.

So I would like to know how to prevent my scripts from processing requests that have a size bigger than X.

I could check the headers, and see if there is a field that contains the number of bits. But that can be spoofed too.

Is it a good idea to try to prevent this from PHP? Or should/could I do it from Apache?

Thank you for your insights,

Best regards

bilibytes
Oct 13 '09 #1
1 Reply


Dormilich
First Apache (it gets the data first), then PHP.
Oct 13 '09 #2
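
The layering suggested in the reply above, as an added example that is not part of the original thread: Apache caps the body first, then PHP bounds each field before any regex runs. The file name `login.php`, the field names, the byte limits and the username pattern are assumptions chosen for illustration.

```php
<?php
// Added example, not from the thread. Limits and field names are assumptions.
//
// Layer 1, Apache (rejects the body before PHP runs), in the vhost or .htaccess:
//   <Files "login.php">
//       LimitRequestBody 4096
//   </Files>
// Layer 2, php.ini: post_max_size = 8K   (PHP leaves $_POST empty when exceeded)

const MAX_BODY_BYTES  = 4096;
const MAX_FIELD_BYTES = ['username' => 64, 'password' => 128];

// Layer 3: returns [HTTP status, message]; the regex runs only on bounded input.
function check_login_request(array $server, array $post): array
{
    // Content-Length is client-supplied: a cheap early reject, not the real limit.
    $declared = $server['CONTENT_LENGTH'] ?? '';
    if ($declared !== '' && (!ctype_digit((string) $declared) || (int) $declared > MAX_BODY_BYTES)) {
        return [413, 'request body too large'];
    }
    foreach (MAX_FIELD_BYTES as $name => $limit) {
        $value = $post[$name] ?? null;
        if (!is_string($value)) {            // missing, or an array such as username[]=x
            return [400, "missing or malformed field: $name"];
        }
        if (strlen($value) > $limit) {       // measure what actually arrived
            return [413, "field too long: $name"];
        }
    }
    if (!preg_match('/\A[A-Za-z0-9_.-]{3,64}\z/', $post['username'])) {
        return [400, 'invalid username'];
    }
    return [200, 'ok'];
}

// Constructed sample requests.
$samples = [
    'normal'        => [['CONTENT_LENGTH' => '31'], ['username' => 'alice', 'password' => 'correct horse']],
    'huge field'    => [['CONTENT_LENGTH' => '31'], ['username' => str_repeat('a', 100000), 'password' => 'x']],
    'declared size' => [['CONTENT_LENGTH' => '9999999'], ['username' => 'alice', 'password' => 'x']],
    'array field'   => [[], ['username' => ['a'], 'password' => 'x']],
];
foreach ($samples as $label => [$server, $post]) {
    [$status, $message] = check_login_request($server, $post);
    printf("%-14s -> %d %s\n", $label, $status, $message);
}
```

The Apache limit is enforced against the bytes actually received, so it holds even when the declared length is wrong; the PHP checks are a second line of defence for fields that fit under the body cap.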
