there are some users in my project, that are using auto refresher or similar extension and each of them are making like 40 requests per second. It is not good for my server. Is it possible from apache side, to temporary block those users? Just temporary? For example for 5 mins?
Asked
Active
Viewed 47 times
0
-
Are you asking about a pure Apache solution? You've also used a _php_ tag - in php this would of course be possible, just need to log the visits and block access if some criteria are met. The question would be whether to just count (and block) by IP (and possibly blocking also other people coming from the same IP) or using more advanced filtering (cookies, browser fingerprint etc). Neither of which would stop a determined attacker, only "refreshing users". – Czechnology Jul 13 '16 at 20:54
-
If you want to prevent a DDOS issue, then you need to act as low level as possible. So Barmar is right the question would be a duplicate and already answered. But I noticed you have a PHP tag on your question. Just to be sure: are you expecting a PHP solution ? (which would not prevent a DDOS situation) – FMaz008 Jul 13 '16 at 20:54