+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forumdisplay.php?fid=20)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forumdisplay.php?fid=23)
+--- Thread: DOS attack possibility on cached pages (/showthread.php?tid=52299)
DOS attack possibility on cached pages - El Forum - 06-05-2012
[eluser]vrencianz[/eluser]
Cached pages are vulnerable to DOS attack by making the cache size as large as the host storage size is.
Take the following controller and view as example:
Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class Test extends CI_Controller
{
function index()
{
$this->output->cache(60);
$this->load->view('testview');
}
}testview.php
Code:
<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod ...</p>Then requests like:
Code:
http://localhost/test/index/1/
http://localhost/test/index/1/2
http://localhost/test/index/1/23
http://localhost/test/index/1/234
...work and generate different cache files inside the 'cache' directory.
<b>Update</b>
This can be prevented from developer side by testing the number of segments from the url and rejecting those having more than expected. Hm.
DOS attack possibility on cached pages - El Forum - 06-10-2012
[eluser]Vadorequest[/eluser]
Without cache enable, the CI framework blocks the DDOS attacks ?
I didn't know.