|
SAiello at Jentoo.com
SAiello at Jentoo.com
Thu May 13 15:16:00 EDT 2004
Hello All,
I was curious for ideas on how to protect a mod_python web application from
someone submitting/requesting data very quickly repeatedly. An example, I am
building an IMAP webmail application. Currently, if I click the view 'next
set of messages in email box' quickly over and over again, that seems to
spawn a bunch of apaches trying to service all those requests. One problem is
that I really don't want one user being able to make my app take up alot of
CPU load by doing this. Another is that I am storing the current message
position in a session variable, by spawning a bunch of simultaneous requests
I seem to be able to keep clicking 'next' above the total number of messages.
A quick idea of mine to limit one simultaneous request per session, was at the
start of the request, create a session variable that would store the total
number of requests for that session. Then I could check the number of
requests, and if the variable is greater than 1, sleep until it is lower than
1.
from mod_python import psp
from mod_python import apache
from mod_python import Session
cookieSecret="CisForCookieThatsGoodEnoughForMe"
def test1(req, **args):
from mod_python import util
from time import strftime, gmtime, time, sleep
sess=Session.Session(req, None, cookieSecret)
if not sess.has_key('REQUESTS'):
sess['REQUESTS']=1
sess.save()
else:
sess['REQUESTS']+=1
sess.save()
while sess['REQUESTS']>1:
sleep(1)
<Rest of code>
sess['REQUESTS']-=1
sess.save()
return
Not sure is this is the best/cleanest method. Any Ideas, thoughts,
suggestions ?
Thanks,
Steven
|