Because the project has been suspected of being maliciously swiped recently, I plan to delay his response if I suspect someone is swiping it. But it must not affect other people's access speed. As far as I know, PHP will open a thread for each request. For example, if there are 1,000 visits at the same time, the interface response will be slow. I used this delayed response method for 999 of them. Is there only one left? Will the request be faster? Still the same speed?
Currently, the only way I can think of is to use sleep. I don’t know if it is reliable...
I already have the method to identify the user, but what I want to know is the method to delay the user’s request
Answer: A friend mentioned returning http error code. This is possible, but I limit the way to judge a user, mainly IP and his identification code. Both of these can be changed at any time. If he changes IP, just Knowing that only his IP is restricted, he only needs to use dynamic IP to brush and change his identification code at any time, and he can continue to brush my interface, and the delayed return will be considered to be that the server has been brought down by him. Just be satisfied
Because the project has been suspected of being maliciously swiped recently, I plan to delay his response if I suspect someone is swiping it. But it must not affect other people's access speed. As far as I know, PHP will open a thread for each request. For example, if there are 1,000 visits at the same time, the interface response will be slow. I used this delayed response method for 999 of them. Is there only one left? Will the request be faster? Still the same speed?
Currently, the only way I can think of is to use sleep. I don’t know if it is reliable...
I already have the method to identify the user, but what I want to know is the method to delay the user’s request
Answer: A friend mentioned returning http error code. This is possible, but I limit the way to judge a user, mainly IP and his identification code. Both of these can be changed at any time. If he changes IP, just Knowing that only his IP is restricted, he only needs to use dynamic IP to brush and change his identification code at any time, and he can continue to brush my interface, and the delayed return will be considered to be that the server has been brought down by him. Just be satisfied
Send HTTP 104 status code (the legendary "connection was reset").
<code>$Code = 104; $Text = 'connection reset by peer'; http_response_code($Code); $Protocol = (isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.1'); header($Protocol . ' ' . $Code . ' ' . $Text);</code>
Of course, it can be done by Nginx: send 444 (server timeout response) or 499 (client can't wait and actively closes the connection): determine the IP and then return 444;.
The sleep method is unreliable. Sleep will block the process. After sleeping, it cannot provide services for other requests. You only have so many PHP processes, and any blocking operation may affect throughput. How can you sleep?
There is another problem with the delayed return plan. Since it is a malicious brush, he must have a way to send multiple requests at the same time, so delayed return cannot fundamentally reduce the number of his requests, but instead causes a backlog of requests on the server. If you use your own client or web page, it is difficult to be "malicious".
There is also a way to delay return, return the request asynchronously, and don’t block the process anyway.
In summary, it is better to give him 4xx upstairs.
Just asking, do you know the IP?
Limit access frequency
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
