DOS attack possibility on cached pages

#1
vrencianz
Cached pages are vulnerable to a DOS attack that makes the cache size as large as the host's storage size.

Take the following controller and view as example:

Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Test extends CI_Controller
{
    function index()
    {
        // Cache the rendered output of this page for 60 minutes
        $this->output->cache(60);

        $this->load->view('testview');
    }
}


testview.php
Code:
<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod ...</p>

Then requests like:

Code:
http://localhost/test/index/1/
http://localhost/test/index/1/2
http://localhost/test/index/1/23
http://localhost/test/index/1/234
...

work and generate different cache files inside the 'cache' directory.

Update

This can be prevented on the developer side by testing the number of segments in the URL and rejecting requests that have more than expected. Hm.
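
The segment check described in the update above, written out as an added example (not code from the original post). It assumes index() takes no URI parameters, so test/index is the longest legitimate URI; MAX_SEGMENTS and _reject_extra_segments() are hypothetical names.

```php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Test extends CI_Controller
{
    // Assumption: index() takes no parameters, so the longest valid
    // URI is "test/index" (controller + method = 2 segments).
    const MAX_SEGMENTS = 2;

    function index()
    {
        // Reject padded URIs before caching is requested, so a request
        // such as /test/index/1/234 never produces its own cache file.
        $this->_reject_extra_segments(self::MAX_SEGMENTS);

        $this->output->cache(60);

        $this->load->view('testview');
    }

    // Hypothetical helper. The leading underscore keeps CodeIgniter
    // from exposing it as a URL-callable method.
    private function _reject_extra_segments($max)
    {
        if ($this->uri->total_segments() > $max)
        {
            // show_404() sends the error page and stops execution,
            // so nothing is written to the cache directory.
            show_404();
        }
    }
}
```

With this in place the number of cache files for the controller is bounded by the number of URIs it actually accepts, rather than by what a client chooses to append.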

#2
Vadorequest
Without cache enabled, the CI framework blocks DDOS attacks?
I didn't know.

