Rate Limit when they throw exception? - Printable Version +- CodeIgniter Forums (https://forum.codeigniter.com) +-- Forum: CodeIgniter 4 (https://forum.codeigniter.com/forumdisplay.php?fid=28) +--- Forum: CodeIgniter 4 Support (https://forum.codeigniter.com/forumdisplay.php?fid=30) +--- Thread: Rate Limit when they throw exception? (/showthread.php?tid=91430) |
Rate Limit when they throw exception? - CIDave - 08-08-2024 Hi! I have an annoying spammer who will occasionally trigger lots of error logs for bad CSRF tokens. Basically they keep throwing the throw SecurityException::forDisallowedAction(); action from system/Security/Security.php Is there a way to trigger a rate limit so that for every time this error occurs, they will eventually get blocked from using the site? This person did it like 500+ times over the course of an hour so it wouldn't catch many innocent users. RE: Rate Limit when they throw exception? - InsiteFX - 08-08-2024 You can take a look at this. CodeIgniter 4 User Guide - Library - Reference - Throttler RE: Rate Limit when they throw exception? - CIDave - 08-09-2024 Anyway to trigger the throttle when the exception happens? I can see the filter can hook into POST requests but not sure if it can hook into exceptions? RE: Rate Limit when they throw exception? - kenjis - 08-09-2024 Customize CSRF filter: https://github.com/codeigniter4/CodeIgniter4/blob/5a340d01298505bbb22efd52bf231ab64a8c23bb/system/Filters/CSRF.php#L48-L65 See also - https://codeigniter.com/user_guide/incoming/filters.html#creating-a-filter - https://codeigniter.com/user_guide/incoming/filters.html#configuring-filters RE: Rate Limit when they throw exception? - CIDave - 08-10-2024 (08-09-2024, 06:58 PM)kenjis Wrote: Customize CSRF filter: Perfect ! Thank you |