At 07:00 AM 06/19/00 -0700, Jose Manuel Ruiz wrote:
>> - reject short query requests in the CGI script executing the
>> swish-e program.
>This could be the best one.
I use something like this:
    my $cnt = 0;   # number of single-letter wildcard terms found
    # count every term of the form "x*", optionally preceded by ( or "
    $cnt++ while $query =~ /(?:^|\s)[("]*\S\*/g;
    # $Max_SingleLetter_Wildcards is the configured limit
    return 'Please use fewer wild card queries'
        if $cnt > $Max_SingleLetter_Wildcards;
But I've already stripped IgnoreFirst letters off the front of each query
term. Otherwise the class [("]* should probably include those letters as
well. And I didn't really spend much time with that regular expression --
so if anyone sees a hole please speak up!
I also limit two letter wildcards, and the total number of wild cards.
The other thing I do to reduce a DOS attack is to limit the amount of time
for each request, and kill off swish at the timeout. But I'm not sure what
good that would do against someone quickly flooding the server with
Signals aren't completely portable so I don't see how a timeout feature
like that could be built into Swish. Polling the system time seems like a
Received on Tue Jun 20 14:20:26 2000
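As an added example (not code from the message above or from swish-e), here is a Python version of the same pre-filter, extended to the two-letter and total-wildcard limits the post mentions; it tokenizes the query instead of matching with one regex so that grouping, quote and operator characters in front of a term cannot hide a short stem. The threshold values, the set of stripped operator characters and the `ignore_first` parameter are assumptions.

```python
# Constructed limits; the post only names $Max_SingleLetter_Wildcards.
MAX_SINGLE_LETTER_WILDCARDS = 0   # no "a*" style terms at all
MAX_TWO_LETTER_WILDCARDS = 1      # at most one "ab*" style term
MAX_TOTAL_WILDCARDS = 3           # at most three wildcard terms overall

# Characters that may wrap a term in the query syntax (assumption):
# grouping parentheses, phrase quotes, and leading operator markers.
_WRAPPERS = '()"\''
_LEADING_OPERATORS = '-='


def wildcard_terms(query, ignore_first=""):
    """Return the stem of every wildcard term (a token ending in '*').

    ignore_first is the set of characters swish-e's IgnoreFirst setting
    drops from the front of a word; the post strips them before counting,
    so they are stripped here too.
    """
    stems = []
    for tok in query.split():
        tok = tok.strip(_WRAPPERS).lstrip(_LEADING_OPERATORS)
        tok = tok.lstrip(ignore_first)
        if not tok.endswith("*"):
            continue
        stems.append(tok.rstrip("*"))   # "a**" counts as stem "a"
    return stems


def check_query(query, ignore_first=""):
    """Return None if the query may be passed to swish-e, else a message.

    Short-stem wildcards expand to a very large share of the index and are
    the expensive case the CGI wrapper wants to refuse before running the
    search, so they are checked first.
    """
    stems = wildcard_terms(query, ignore_first)
    single = sum(1 for s in stems if len(s) <= 1)   # a bare "*" counts too
    double = sum(1 for s in stems if len(s) == 2)
    if single > MAX_SINGLE_LETTER_WILDCARDS:
        return "Please use fewer wild card queries"
    if double > MAX_TWO_LETTER_WILDCARDS:
        return "Please use fewer short wild card queries"
    if len(stems) > MAX_TOTAL_WILDCARDS:
        return "Too many wild card terms"
    return None
```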