[TYPO3] no_cache and DOS attack
Dmitry Dulepov [typo3]
dmitry at typo3.org
Wed Aug 29 12:05:07 CEST 2007
Bartosz Aninowski wrote:
> I wonder if it is possible to disable no_cache parameter at all?
> What happen if someone make DOS attack against typo3 website and try to
> access url like www.webiste-exmaple.com/?no_cahe=1 ?
> On high traffic website this could overload whole server.
Modify your .htaccess. See if URL has "no_cache=[^&]*" and rewrite URl
without it. You can invent your own secret "no_cache" and rewrite it to
normal "no_cache" too.
Such attack will succeed only of page has lots of plugins with complex
processing (such as tt_news or forums).
--
Dmitry Dulepov
TYPO3 freelancer / TYPO3 core team member
Web: http://typo3bloke.net/
Skype: callto:liels_bugs
More information about the TYPO3-english
mailing list