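Expanding on this answer, How to limit the number of user requests made within a minute ..., I developed this script. It responds true or false depending on whether the script (in my case a simple PHP upload script, which includes the script below) has been called more than 10 times within 15 minutes. It does work, but I would like to know whether it really helps to avoid attacks such as DDoS or similar. In other words, does this add a layer of security to a public PHP script? Does anyone know how I could improve it? The problem is that, in my case, the script called to upload the images has to be public.
I hope this script will be useful to someone as well.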
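<?php
function isAllowed() {
    // Client address: the two request headers take precedence over the socket address.
    $ip = !empty($_SERVER['HTTP_CLIENT_IP'])
        ? $_SERVER['HTTP_CLIENT_IP']
        : (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR']);
    // The value becomes part of a file name, so accept only a syntactically valid IP address.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    if (file_exists($ip . ".txt")) {
        // Record this call, then count the calls made in the last 15 minutes.
        $myfile = fopen($ip . ".txt", "a");
        $txt = date("Y-m-d H:i:s");
        fwrite($myfile, $txt . "\n");
        fclose($myfile);
        $subject = file_get_contents($ip . ".txt");
        $separator = "\n";
        $before15mins = strtotime('-15 minutes');
        $count = 0;
        $line = strtok($subject, $separator);
        while ($line !== false) {
            $time = strtotime($line);
            // Count only timestamps that fall inside the 15-minute window.
            if ($time !== false && $time >= $before15mins) {
                $count++;
            }
            // Advance at the end of the loop so the first line is not skipped.
            $line = strtok($separator);
        }
        if ($count > 10) {
            //echo("too many attempts: " . $count);
            return false;
        } else {
            //echo("counting: " . $count);
            return true;
        }
    } else {
        // First call from this address: create its log file and record the call.
        $myfile = fopen($ip . ".txt", "w");
        fwrite($myfile, date("Y-m-d H:i:s") . "\n");
        fclose($myfile);
        return true;
    }
}
?>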
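A hardened variant of the limiter in the question, added here as an example and not part of the original post: it keys on `REMOTE_ADDR` only, hashes the key before it reaches a file name, locks the file against concurrent requests, and prunes expired entries. The function name, constants and storage directory are assumptions, and it assumes no trusted reverse proxy sits in front of PHP.

```php
<?php
// Added example, not the poster's code. Names, limits and the storage
// directory are assumptions chosen for illustration.
const RL_WINDOW = 900;   // 15 minutes, in seconds
const RL_LIMIT  = 10;    // calls allowed per window

function rateLimitAllowed(string $clientKey, ?int $now = null, ?string $dir = null): bool
{
    $now = $now ?? time();
    $dir = $dir ?? sys_get_temp_dir() . '/ratelimit';   // assumed location, outside the web root
    if (!is_dir($dir) && !mkdir($dir, 0700, true) && !is_dir($dir)) {
        return false;                                   // fail closed if state cannot be stored
    }
    // Hashing the key means no client-influenced bytes ever reach the file name.
    $path = $dir . '/' . hash('sha256', $clientKey) . '.log';
    $fh = fopen($path, 'c+');                           // create if missing, never truncate
    if ($fh === false) { return false; }
    if (!flock($fh, LOCK_EX)) { fclose($fh); return false; }   // serialise concurrent requests
    // Keep only timestamps still inside the window, so the file cannot grow without bound.
    $recent = [];
    while (($line = fgets($fh)) !== false) {
        $t = (int) trim($line);
        if ($t > $now - RL_WINDOW && $t <= $now) {
            $recent[] = $t;
        }
    }
    $allowed = count($recent) < RL_LIMIT;
    if ($allowed) {
        $recent[] = $now;                               // rejected calls are not recorded
    }
    ftruncate($fh, 0);
    rewind($fh);
    if ($recent) { fwrite($fh, implode("\n", $recent) . "\n"); }
    fflush($fh);
    flock($fh, LOCK_UN);
    fclose($fh);
    return $allowed;
}

// REMOTE_ADDR is the TCP peer address; request headers are not consulted.
if (PHP_SAPI !== 'cli' && !rateLimitAllowed($_SERVER['REMOTE_ADDR'])) {
    http_response_code(429);
    exit('Too many requests');
}
```

A per-address counter like this bounds how often one client can reach the upload handler; it does not absorb volumetric traffic, which has to be handled in front of PHP.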