DOS attack possibility on cached pages
#1

[eluser]vrencianz[/eluser]
Cached pages are vulnerable to a DoS attack that makes the cache size as large as the host storage size.

Take the following controller and view as an example:

Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Test extends CI_Controller
{
	function index()
	{
		// Cache the rendered output for 60 minutes; the cache file is keyed by the requested URI
		$this->output->cache(60);

		$this->load->view('testview');
	}
}


testview.php
Code:
<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod ...</p>

Then requests like:

Code:
http://localhost/test/index/1/
http://localhost/test/index/1/2
http://localhost/test/index/1/23
http://localhost/test/index/1/234
...

work and generate different cache files inside the 'cache' directory.

Update

This can be prevented on the developer side by testing the number of segments in the URL and rejecting those having more than expected. Hm.
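
The segment-count check described in the update above, as an added example that is not part of the original post or of CodeIgniter itself. It assumes the action is only ever served at /test/index with no custom route rewriting the URI; the MAX_SEGMENTS constant is a hypothetical name introduced here.

```php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Test extends CI_Controller
{
	// Assumption: the longest URI this action legitimately serves is /test/index
	const MAX_SEGMENTS = 2;

	public function index()
	{
		// Reject padded URIs such as /test/index/1/234 before caching is
		// switched on, so no cache file is written for them.
		if ($this->uri->total_segments() > self::MAX_SEGMENTS)
		{
			show_404(); // renders the 404 page and stops execution
		}

		$this->output->cache(60);
		$this->load->view('testview');
	}
}
```

An action that does take parameters would raise the limit to match and validate each parameter against its expected values, since every distinct accepted URI still produces its own cache file.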
#2

[eluser]Vadorequest[/eluser]
Without the cache enabled, the CI framework blocks DDoS attacks?
I didn't know.



