[mod_python] Protecting Web apps from too many simultaneous clicks/Hacking

SAiello at Jentoo.com
Thu May 13 15:16:00 EDT 2004


Hello All,

I was curious for ideas on how to protect a mod_python web application from 
someone submitting/requesting data very quickly and repeatedly. For example, I am 
building an IMAP webmail application. Currently, if I click the view 'next 
set of messages in email box' quickly over and over again, that seems to 
spawn a bunch of apaches trying to service all those requests. One problem is 
that I really don't want one user being able to make my app take up a lot of 
CPU load by doing this. Another is that I am storing the current message 
position in a session variable; by spawning a bunch of simultaneous requests 
I seem to be able to keep clicking 'next' above the total number of messages.

A quick idea of mine, to limit each session to one simultaneous request, was 
to create, at the start of the request, a session variable that would store the 
total number of requests for that session. Then I could check the number of 
requests, and if the variable is greater than 1, sleep until it is lower than 
1.

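from mod_python import psp
from mod_python import apache
from mod_python import Session

cookieSecret="CisForCookieThatsGoodEnoughForMe"

def test1(req, **args):
    from mod_python import util
    from time import strftime, gmtime, time, sleep
    # Open (or create) the session tied to this request's cookie
    sess=Session.Session(req, None, cookieSecret)
    if not sess.has_key('REQUESTS'):
        # First request seen for this session
        sess['REQUESTS']=1
        sess.save()
    else:
        # Count this request, then wait while another one is in flight
        sess['REQUESTS']+=1
        sess.save()
        while sess['REQUESTS']>1:
            sleep(1)
            # Re-read the stored value; the in-memory copy never changes by itself
            sess.load()

    # <Rest of code>

    # Request finished: release this request's slot
    sess['REQUESTS']-=1
    sess.save()
    return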

Not sure if this is the best/cleanest method. Any ideas, thoughts, 
suggestions?

Thanks,
  Steven 
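
An added example, not part of the original post and not mod_python API: one way to address both problems raised above is to refuse a second in-flight request for the same session instead of sleeping, and to clamp the stored message position. It assumes a POSIX host (flock works across Apache worker processes); SessionGate, next_position, handle_next, LOCK_DIR and the 429 status are hypothetical choices, and 'state' stands in for the stored session.

```python
import fcntl
import hashlib
import os
import tempfile

LOCK_DIR = tempfile.mkdtemp(prefix="sessgate-")  # assumption: per-host lock directory


class SessionGate:
    """Allow one in-flight request per session; refuse the rest instead of sleeping."""

    def __init__(self, session_id):
        # Hash the id so a client-supplied cookie value never becomes a file path.
        name = hashlib.sha256(session_id.encode()).hexdigest()
        self.path = os.path.join(LOCK_DIR, name + ".lock")
        self.fd = None

    def try_enter(self):
        fd = os.open(self.path, os.O_CREAT | os.O_RDWR, 0o600)
        try:
            # Non-blocking: a busy session costs one syscall, not a parked worker.
            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            os.close(fd)
            return False
        self.fd = fd
        return True

    def leave(self):
        if self.fd is not None:
            os.close(self.fd)  # closing drops the lock, so a dead worker frees it too
            self.fd = None


def next_position(current, page_size, total):
    """Advance the mailbox offset, never past the start of the last page."""
    last_start = max(0, (total - 1) // page_size * page_size)
    return min(max(0, current + page_size), last_start)


def handle_next(session_id, state, page_size, total):
    """Return (status, position) for one click on 'next'."""
    gate = SessionGate(session_id)
    if not gate.try_enter():
        return 429, state["pos"]  # concurrent click: refuse and change nothing
    try:
        state["pos"] = next_position(state["pos"], page_size, total)
        return 200, state["pos"]
    finally:
        gate.leave()
```

Because the kernel releases the lock when the descriptor closes, a request that crashes cannot leave the session permanently marked busy, which a counter stored in the session can.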

