This may all be old hat, but it is still the way I do it, and it can serve as a reference.

The hash-collision vulnerability from last time made a real impression, and almost every website falls within its scope. Whether you use PHP or Python you are affected to some degree, and PHP most visibly, because PHP has the most users. The attack itself is not complicated; anyone interested can find the test script, and a single terminal is enough to hang a PHP site that has the vulnerability.

Our HTTP requests pass through an NGINX reverse proxy, which has the advantage that a lot of logic can be done at the NGINX layer; this anti-Hash-DoS measure is built on that architecture.

The principle is to filter POST requests by the number of parameters they carry. I use 300; you can adjust it yourself. No HTTP developer sends more parameters than that in a POST form, so normal requests are not affected.

Someone had previously written an NGX module in C on the same principle, but the complexity of NGX module development is real, and since my C is not that good, I wrote it in Lua myself, which is convenient and simple.
# Requires the NGX-Lua module to be configured

Okay, enough preamble; here is the Nginx configuration:
```lua
>> cat post-limit.lua
local method = ngx.var.request_method
local max_count = 300          -- maximum number of POST parameters
if method == 'POST' then
    ngx.req.read_body()        -- required before get_body_data() unless nginx.conf (not shown) sets lua_need_request_body on
    local data = ngx.req.get_body_data()
    if data ~= nil then        -- also nil when the body was spooled to a temp file; such requests are not counted here
        local count = 0
        local i = 0
        while true do
            if count > max_count then
                -- ngx.redirect('/post-error')
                ngx.exit(ngx.HTTP_FORBIDDEN)   -- reject the request; the original line here was not preserved, 403 is assumed
            end
            i = string.find(data, '&', i + 1)  -- count '&' separators, i.e. parameters minus one
            if i == nil then break end
            count = count + 1
        end
    end
end
```
```
>> cat nginx.conf
```

The rest of the Nginx configuration has been left out.
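As an added example (my code, not the post's post-limit.lua), here is the same parameter-count guard split into a pure counting function, which can be exercised with plain `lua` outside nginx, and an access-phase hook for ngx_lua. The 300 ceiling is taken from the post; the `access_by_lua_file` path, the 403 status, the query-string check, the content-type filter and the fail-closed handling of bodies spooled to disk are my assumptions and go beyond the post's POST-only script.

```lua
-- Added example, not the post's post-limit.lua: the same parameter-count
-- guard for ngx_lua, split into a pure counter (testable with plain `lua`)
-- and an access-phase hook. Wire it in from nginx.conf (assumed path) with:
--     access_by_lua_file /etc/nginx/lua/post-limit.lua;
-- The 300 ceiling is the post's; the 403 status, the query-string check,
-- the content-type filter and the fail-closed handling are my assumptions.

local MAX_PARAMS = 300

-- Count "key=value" segments of an application/x-www-form-urlencoded
-- string. Empty segments ("a=1&&b=2") are not parameters and are skipped;
-- the scan stops as soon as the limit is exceeded, so an oversized body
-- never costs more than limit+1 iterations.
local function count_params(s, limit)
  if s == nil or s == "" then return 0 end
  local n = 0
  for _ in string.gmatch(s, "[^&]+") do
    n = n + 1
    if n > limit then return n end
  end
  return n
end

-- Decide whether the current request is over the limit. Returns the HTTP
-- status to reject with, or nil when the request may be passed upstream.
local function check_request()
  -- $_GET is built by the same hashing code as $_POST, so the query string
  -- gets the same ceiling (an extension of the post's POST-only check).
  if count_params(ngx.var.query_string, MAX_PARAMS) > MAX_PARAMS then
    return ngx.HTTP_FORBIDDEN
  end

  local method = ngx.var.request_method
  if method ~= "POST" and method ~= "PUT" then return nil end

  -- Only urlencoded bodies can be counted by splitting on "&";
  -- multipart/form-data is not covered by this check.
  local ctype = ngx.var.content_type or ""
  if not string.find(ctype, "application/x-www-form-urlencoded", 1, true) then
    return nil
  end

  ngx.req.read_body()
  local body = ngx.req.get_body_data()
  if body == nil then
    -- get_body_data() is nil when the body exceeded client_body_buffer_size
    -- and was spooled to a temp file. A form body that large is itself out
    -- of profile for a PHP site, so fail closed instead of skipping the check.
    if ngx.req.get_body_file() ~= nil then return ngx.HTTP_FORBIDDEN end
    return nil  -- genuinely empty body
  end

  if count_params(body, MAX_PARAMS) > MAX_PARAMS then
    return ngx.HTTP_FORBIDDEN
  end
  return nil
end

if ngx == nil then
  -- Run as `lua post-limit.lua` outside nginx: exercise the counter on
  -- constructed inputs.
  local parts = {}
  for i = 1, MAX_PARAMS + 1 do parts[i] = "k" .. i .. "=v" end
  assert(count_params("a=1&b=2&&c=3", MAX_PARAMS) == 3)
  assert(count_params(table.concat(parts, "&", 1, MAX_PARAMS), MAX_PARAMS) == MAX_PARAMS)
  assert(count_params(table.concat(parts, "&"), MAX_PARAMS) == MAX_PARAMS + 1)
  print("count_params: ok")
else
  local status = check_request()
  if status ~= nil then
    ngx.log(ngx.WARN, "parameter limit exceeded, rejecting request from ",
            ngx.var.remote_addr)
    return ngx.exit(status)
  end
end
```

Rejecting in the access phase means the body is never forwarded to PHP, which is the whole point: the hashing cost the attacker is after is only paid if the parameters reach the backend. The fail-closed branch is deliberate, since a urlencoded form larger than `client_body_buffer_size` is itself a symptom worth logging rather than something to wave through uncounted.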
This was tested with Nginx 1.0.xx and a PHP application on the backend; the configuration also works for HTTP applications written in other languages.

When you have time, upgrade your backend PHP version step by step; otherwise this is enough to get by for the time being.