I have a JSON ajax call from jQuery, which returns the user's country through PHP geolocation. Now the problem is, some users have put that on their website, and I don't know why they did this, to spam me or what, but it calls the JSON 20 times per second when someone is on their page, and each time it executes the script on my server. Can I limit the JSON return to only once per page opening (through a PHP return function or JSON code)? Does someone have any idea?
- This is probably more usefully done in the webserver configuration, not the script. – Barmar Feb 03 '15 at 19:52
- [nonce](http://stackoverflow.com/questions/4145531/how-to-create-and-use-nonces) – Jason McCreary Feb 03 '15 at 19:53
- Enforce a Same-Origin policy so that JSONP cannot be used. If they are CURL'ing to your server then you will need to track IP addresses and implement a rate limiter of some sort or maybe require hard-coded authentication. You can also try changing the URL of your geo-location script, and if they continue using it then you need to lock it down in the other ways I described. – MonkeyZeus Feb 03 '15 at 19:58
1 Answer
Assuming you are using that GeoIP JSON capability from dynamic pages, you can add a random identifier, with something such as:

```php
$id = md5(random_bytes(16)); // random() is not a PHP function; random_bytes() yields an unguessable value
```

Then save that `$id` in a session table and send it along with the HTML.

Change your jQuery script to include that identifier when the GeoIP request is sent to the server. On the server, you first check whether the `$id` sent by the jQuery exists in your session table. If not, then stop right there, and if you'd like, add the IP address to your firewall for a while; that way you waste nearly no resources.

The `$id` must be deleted after one use if you do not want to allow more than one use. That way even your page will not receive a GeoIP in return.

You should use a similar session identifier for any form you use on your website. It is also possible to attach such an identifier to a cookie, but in Europe, they are big on asking people not to use cookies... so you may not want to do that anyway.
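As an added example (not the answer's own code) of the per-page token flow the answer describes: the token is issued when the page is rendered, checked when the GeoIP call arrives, and deleted on first use so a replay is rejected. The in-memory array standing in for the session table, the function names and the `geoip-token` meta tag are assumptions.

```php
<?php
// Added example, not from the answer. $store stands in for the session
// table (in a real app: $_SESSION['geoip_tokens'] or a DB row per session).

// Issue a fresh token for one page render and remember it server-side.
function issue_geoip_token(array &$store, int $ttl = 300): string
{
    $token = bin2hex(random_bytes(16));               // 128 bits, unguessable
    $store[] = ['token' => $token, 'expires' => time() + $ttl];
    return $token;
}

// Validate the token sent by the jQuery call. Succeeds at most once: the
// entry is removed whether or not it was still valid, so a page looping the
// request gets one answer and then nothing (403 below).
function consume_geoip_token(array &$store, ?string $token): bool
{
    if ($token === null || !preg_match('/^[0-9a-f]{32}$/', $token)) {
        return false;                                 // missing or malformed
    }
    foreach ($store as $i => $entry) {
        if (hash_equals($entry['token'], $token)) {   // constant-time compare
            unset($store[$i]);                        // single use
            return $entry['expires'] > time();
        }
    }
    return false;                                     // unknown token: stop here
}

// --- page render side (constructed demo store) ---
$sessionStore = [];
$token = issue_geoip_token($sessionStore);
// Emit the token so the jQuery code can read it and send it with the request.
$html = '<meta name="geoip-token" content="'
      . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';

// --- endpoint side: what geoip.php would do with $_GET['token'] ---
function geoip_response(array &$store, ?string $presented): array
{
    if (!consume_geoip_token($store, $presented)) {
        return ['status' => 403, 'body' => ['error' => 'invalid token']];
    }
    return ['status' => 200, 'body' => ['country' => 'XX']]; // lookup result
}

echo json_encode(geoip_response($sessionStore, $token)), PHP_EOL;   // first call
echo json_encode(geoip_response($sessionStore, $token)), PHP_EOL;   // replay
echo json_encode(geoip_response($sessionStore, str_repeat('0', 32))), PHP_EOL; // forged
```

In the live endpoint you would pass `$_SESSION['geoip_tokens']` and `$_GET['token'] ?? null` and send `http_response_code($result['status'])` before the JSON body.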
