Block only one dynamic url per ip ?

Filssad
2014-01-09
2014-01-13
  • Filssad
    Filssad
    2014-01-09

    Hello, Pascal,

    help me please.

    I want to block only one specific url to one client(per ip), example

    many urls:

    site.org/index.php?id=1
    site.org/index.php?id=2
    ....

    after one visiting url (site.org/index.php?id=1)
    this user can not visit this url (site.org/index.php?id=1) by 10 minutes,
    but can visit (site.org/index.php?id=2) - same once per 10 minutes, and so on.
    thanks in advance for your advice.

     
  • You may partially implement your requirements using the QS_MileStone and QS_CondClientEventLimitCount directives.

    • QS_MileStone can be used to define the allowed request sequence which may be sent by a user (users are individual users identified by a session cookie). It enforces that the user can't access URL2 before accessing URL1 (but does not prevent the user from using the back button).

    • QS_CondClientEventLimitCount may be used to define how often a certain resource may be called by a client (Cliens are identified by their IP address - pay attention to the fact, that clients often share a single IP if they connect your web server via a proxy. Pay also attention that this information is stored within your web sever hosting mod_qos and that the information is not shared between multiple web server instances.). This ensures that the client may call a resource only once and is not allowed to use the back button for a certain amount in time.

    Both directives may result in a configuration like this (example):

    QS_MileStone deny "^[A-Z]+ /index.php\?id=1 HTTP/...$"
    QS_MileStone deny "^[A-Z]+ /index.php\?id=2 HTTP/...$"
    QS_MileStone deny "^[A-Z]+ /index.php\?id=3 HTTP/...$"

    SetEnvIfPlus Request_URI ^/index.php$ URILIMIT
    SetEnvIfPlus Request_Query ^id=1$ QUERYLIMIT1
    SetEnvIfPlus Request_Query ^id=2$ QUERYLIMIT2
    SetEnvIfPlus Request_Query ^id=3$ QUERYLIMIT3
    QS_SetEnvIf URILIMIT QUERYLIMIT1 ClientLimit1=y
    QS_SetEnvIf URILIMIT QUERYLIMIT2 ClientLimit2=y
    QS_SetEnvIf URILIMIT QUERYLIMIT3 ClientLimit3=y
    QS_SetEnvIf URILIMIT QUERYLIMIT1 QS_Cond=1
    QS_SetEnvIf URILIMIT QUERYLIMIT2 QS_Cond=2
    QS_SetEnvIf URILIMIT QUERYLIMIT3 QS_Cond=3
    QS_CondClientEventLimitCount 2 600 ClientLimit1 ^1$
    QS_CondClientEventLimitCount 2 600 ClientLimit2 ^2$
    QS_CondClientEventLimitCount 2 600 ClientLimit3 ^3$