堆栈内存溢出
  简体   繁体   English

限制 Web 应用程序的最佳实践?

[英]Best practices for throttling a web-application?

 原文  2011-05-05 03:53:15       php/ security/ apache/ web-applications/ throttling

问题描述

On my site I need to throttle user requests for various reasons:在我的网站上,出于各种原因,我需要限制用户请求:

  • Prevent overquerying of database or 3rd party apis防止过度查询数据库或 3rd 方 api
  • Prevent spam防止垃圾邮件
  • Preventing others from scraping my data防止他人抓取我的数据

I was wondering what the best practices are for throttling?我想知道节流的最佳做法是什么? Should it be done at the script level (PHP/MySQL) or at the server level (Apache)?应该在脚本级别(PHP/MySQL)还是在服务器级别(Apache)完成?

And are there any specific best practices I should keep in mind with regards to throttling?关于节流,我应该记住任何具体的最佳实践吗?

2 个解决方案

解决方案1
 1 已采纳  2011-05-05 03:57:48

This should ideally be done at the network / firewall level or at the very least on Apache.理想情况下,这应该在网络/防火墙级别或至少在 Apache 上完成。

PHP throttling is possible too, but it should only be done if you want to deny the access to the resource and not just delaying. PHP 限制也是可能的,但只有在您想拒绝对资源的访问而不仅仅是延迟时才应该这样做。 Refer to this answer (and comments) I gave in a similar question for more details:有关更多详细信息,请参阅我在类似问题中给出的这个答案(和评论):

解决方案2
 0  2011-05-05 04:11:33

off the top of my head, there are a couple that you might want to consider using:在我的脑海中,您可能需要考虑使用以下几个:

1) You could use JavaScript to create intervals that sets flags so that you can check back with the flag to ensure that they don't request within the interval period. 1)您可以使用 JavaScript 创建设置标志的间隔,以便您可以检查标志以确保它们不会在间隔期内请求。

2) You could use PHP and store their requests time in the session that you're running and check against that so that they don't make requests too frequently. 2)您可以使用 PHP 并将他们的请求时间存储在您正在运行的 session 中,并对其进行检查,以便他们不会过于频繁地发出请求。

3) You could use MySQL to log when their last access time was and see if they should be allowed to use the resource. 3)您可以使用 MySQL 记录他们的最后一次访问时间,看看是否应该允许他们使用该资源。

Generally these methods are divided into client side and server side.通常这些方法分为客户端和服务器端。 Deploy whichever you feel most comfortable with and is most convenient for yourself.部署您觉得最舒服且对自己最方便的任何一个。

Not all deployments allow you to modify the Apache Server config:)并非所有部署都允许您修改 Apache 服务器配置:)

Hope it helps.希望能帮助到你。 Cheers!干杯!

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 用于Web应用程序的会话或Cookie? - Sessions or Cookies for web-application? 最佳做法-Web / PHP / MySQL应用程序技术 - Best practices - technology for web/php/mysql application 在 Web 应用程序和服务器之间对数据进行加密 - Encripting the data between web-application and the server 在 apache2 服务器上部署 Web 应用程序 - Deploying web-application on apache2 server 如何在Web应用程序中存储和转义数据? - How to store and escape data in a web-application? LDAP与PHP Web应用程序的连接 - LDAP connection with PHP web-application 用于启动javaScript Web应用程序的加载指示器 - Loading indicator for starting javaScript web-application 以Cookie加速Web应用程序 - Speed up web-application with cookies for example 在基于* AMP的Web应用程序上处理用户名的最佳做法? - Best practices for handling usernames on an *AMP-based web application? PHP Web应用程序:mysql数据库设计最佳实践问题 - PHP Web Application: mysql database design best practices question
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM