[mod_python] Protecting Web apps from too many simultaneous clicks/Hacking

Michael C. Neel neel at mediapulse.com
Thu May 13 14:14:26 EDT 2004


This is best handled outside of mod_python, by Apache.  Take a look at
mod_bandwidth and mod_throttle, which should get you going in the right
direction.  I think people often overlook Apache and its other modules
which can be used with mod_python, and many times are already installed
and just need to be configured.

Mike

On Thu, 2004-05-13 at 14:16, SAiello at Jentoo.com wrote:

> Hello All,
> 
> I was curious for ideas on how to protect a mod_python web application from 
> someone submitting/requesting data very quickly repeatedly. An example, I am 
> building an IMAP webmail application. Currently, if I click the view 'next 
> set of messages in email box' quickly over and over again, that seems to 
> spawn a bunch of apaches trying to service all those requests. One problem is 
> that I really don't want one user being able to make my app take up a lot of 
> CPU load by doing this. Another is that I am storing the current message 
> position in a session variable, by spawning a bunch of simultaneous requests 
> I seem to be able to keep clicking 'next' above the total number of messages.
> 
> A quick idea of mine to limit one simultaneous request per session, was at the 
> start of the request, create a session variable that would store the total 
> number of requests for that session. Then I could check the number of 
> requests, and if the variable is greater than 1, sleep until it is lower than 
> 1.
> 
> from mod_python import psp
> from mod_python import apache
> from mod_python import Session
> 
> cookieSecret="CisForCookieThatsGoodEnoughForMe"
> 
> def test1(req, **args):
> 	from mod_python import util
> 	from time import strftime, gmtime, time, sleep
> 	sess=Session.Session(req, None, cookieSecret)
> 	if not sess.has_key('REQUESTS'):
> 		sess['REQUESTS']=1
> 		sess.save()
> 	else:
> 		sess['REQUESTS']+=1
> 		sess.save()
> 		while sess['REQUESTS']>1:
> 			sleep(1)
> 
> <Rest of code>
> 
> 	sess['REQUESTS']-=1
> 	sess.save()
> 	return
> 
> Not sure if this is the best/cleanest method. Any ideas, thoughts, 
> suggestions?
> 
> Thanks,
>   Steven 
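
Added example, not code from either poster or from mod_python: one way to allow a single in-flight request per session without sleeping inside an Apache child, by taking a non-blocking `flock` on a per-session lock file (which also holds across prefork processes) and clamping the stored position while the lock is held. The names `one_request_per_session`, `next_page`, `Busy`, `LOCK_DIR`, the `POS` key, the plain dict standing in for the session, and the 429 status are all assumptions of this sketch.

```python
import fcntl
import hashlib
import os
import tempfile
from contextlib import contextmanager

# Assumption: a private, writable directory shared by all Apache children.
LOCK_DIR = tempfile.mkdtemp(prefix="sesslock-")


class Busy(Exception):
    """Another request for this session is still in flight."""


@contextmanager
def one_request_per_session(session_id):
    # Hash the id so a client-supplied cookie value never becomes a file path.
    name = hashlib.sha256(session_id.encode()).hexdigest()
    fd = os.open(os.path.join(LOCK_DIR, name), os.O_CREAT | os.O_RDWR, 0o600)
    try:
        try:
            # Non-blocking: fail fast rather than tie up a worker in sleep().
            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            raise Busy(session_id)
        yield
    finally:
        os.close(fd)  # closing the descriptor releases the lock


def next_page(session, session_id, total, page_size=10):
    """Advance the stored message position; return (status, position)."""
    try:
        with one_request_per_session(session_id):
            # The read-modify-write runs only under the lock, and the result
            # is clamped so repeated clicks cannot move past the last page.
            last_start = max(total - page_size, 0)
            pos = min(session.get("POS", 0) + page_size, last_start)
            session["POS"] = pos
            return 200, pos
    except Busy:
        # Duplicate click while a request is running: reject, change nothing.
        return 429, session.get("POS", 0)
```

The lock only serializes requests; the session data itself must live in storage that every Apache child sees for the clamp to be effective.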