Loading ...
Sorry, an error occurred while loading the content.

Protecting CGI input from flooding/DOS attack

Expand Messages
  • msws_1
    Hi guys: In my cgi-writing adventures, I ve come upon the concern of someone hammering my FORM s with a ton of data, initiating a DOS attack. I ve used this
    Message 1 of 1 , Apr 29, 2002
    • 0 Attachment
      Hi guys:

      In my cgi-writing adventures, I've come upon the concern of someone
      hammering my FORM's with a ton of data, initiating a DOS attack.

      I've used this snippet (which I copied from someone's tutorial -
      applogies for no credit) to gather the data sent from my form to my
      cgi:

      read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
      @pairs = split(/&/, $buffer);
      foreach $pair (@pairs) {
      ($name, $value) = split(/=/, $pair);
      $value =~ tr/+/ /;
      $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
      $FORM{$name} = $value;
      }

      I am also fiddling with the CGI.pm module. I understand it has a way
      to protect some:
      POST_MAX to limit the post size

      Without using CGI.pm, how can I prevent someone from flooding my CGI
      with input when I was only expecting say 100k if they were using my
      input form properly?

      Thanks,
      Scott
    Your message has been successfully submitted and would be delivered to recipients shortly.