1

我已经让 Varnish 缓存与 PHP Captcha 一起使用,但我还不
明白如何设置触发限制。

在每小时(或每分钟)限制如此多的请求之后,将
发送验证码输入。

我有它的工作,但想了解我如何改变 req/s 限制。

以下是来自的代码:http:
//drcarter.info/2010/04/how-fighting-against-scraping-using-varnish-vcl-inline-c-memcached/

这段代码对我说了什么?

if (rc == MEMCACHED_SUCCESS) {
uint64_t intval;
rc= memcached_increment(memc, key, strlen(key), (uint64_t)1, &intval);

if (rc != MEMCACHED_SUCCESS)
  rc= memcached_set(memc, key, strlen(key), "1", 1, (time_t)60, (uint32_t)0);
else
  if (intval>30) {
    VRT_SetHdr(sp, HDR_REQ, "\013X-Scraping:", "1", vrt_magic_string_end);
    syslog(LOG_INFO, "Scraping detected from %s",VRT_IP_string(sp, VRT_r_client_ip(sp)));
    if (intval<300)
      rc= memcached_set(memc, key, strlen(key), "500", 3, (time_t)3600, (uint32_t)0);
  }

您的建议将不胜感激。

谢谢!

4

2 回答 2

1

请原谅我没有评论我的代码:)

所以有了评论,我想你会明白的。

if (rc == MEMCACHED_SUCCESS) {
//if connected to memcache
uint64_t intval;
//trying to increment the "ip address" key (+1)
rc= memcached_increment(memc, key, strlen(key), (uint64_t)1, &intval);

if (rc != MEMCACHED_SUCCESS)
  //if increment fail, then it is the first time that we see this address
  //init the value at 1 for 60 seconds
  rc= memcached_set(memc, key, strlen(key), "1", 1, (time_t)60, (uint32_t)0);
else
  //if increment success, then verifying the value, if more than 30 (30 reqs/minute)
  //blacklist the ipaddress (setting the value arbitrary at 500 for 1 hour)
  if (intval>30) {
    VRT_SetHdr(sp, HDR_REQ, "\013X-Scraping:", "1", vrt_magic_string_end);
    syslog(LOG_INFO, "Scraping detected from %s",VRT_IP_string(sp, VRT_r_client_ip(sp)));
    if (intval<300)
      rc= memcached_set(memc, key, strlen(key), "500", 3, (time_t)3600, (uint32_t)0);
  }
于 2011-06-17T13:14:30.173 回答
0

该代码适用于此流程:

try to increment the key identifying the client and return the value in intval
if it fails set the key with an expiration of 60 seconds
else
  if the number of call (intval) is less than 30
    it set an header X-Scraping (which will be use later to deny access: this part is not in the part of the code you have pasted)

因此,如果您想更改 res/s,您可以在 > 30 测试中进行游戏,或者将密钥到期时间更改为 60 以外的其他值。

于 2011-05-03T11:11:46.247 回答