This is more like a security question.
What is best practice to implement something like “counting specific page visits per x time by IP” and blocking that IP address if limit is exceeded?
Some steps:
- user enters website
- user selects product to buy
- fills out forms and submits form
- redirected to payment gateway
How can I restrict 5 form submissions per 30 seconds? If a user makes 6 per 30, the IP gets blocked for 30 minutes?
Thanks.
You are going to want to store actions or requests in a database along with the time() they were made. Then it’s a matter of running a simple mysql_query() to check if the user has exceeded their limit. E.g.
The mysql_num_rows() on this query should return less than 5.
You can run this query every time a user loads a page or submits your form and simply end the execution of the script.
You might also want to run a query occasionally to delete old rows, maybe using a cron job.
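The approach from the answer above, worked through as an added example (not code from the original thread): every submission is logged with its timestamp, a sixth submission inside 30 seconds puts the IP on a 30-minute block list, and a purge function does the cron cleanup. The table and function names are hypothetical, in-memory SQLite (the pdo_sqlite extension is assumed) stands in for MySQL so the script runs on its own, and PDO prepared statements are used because mysql_query() no longer exists in PHP 7 and later.

```php
<?php
// Added example: names are hypothetical; SQLite in memory stands in for MySQL.
const MAX_SUBMITS = 5;     // allowed submissions per window
const WINDOW_SECS = 30;    // counting window in seconds
const BLOCK_SECS  = 1800;  // 30-minute block once the limit is exceeded

function initSchema(PDO $db): void {
    $db->exec('CREATE TABLE submit_log (ip TEXT NOT NULL, ts INTEGER NOT NULL)');
    $db->exec('CREATE INDEX idx_log ON submit_log (ip, ts)');
    $db->exec('CREATE TABLE ip_block (ip TEXT PRIMARY KEY, blocked_until INTEGER NOT NULL)');
}

// Returns true if the submission may proceed, false if the IP is blocked.
function allowSubmit(PDO $db, string $ip, int $now): bool {
    $q = $db->prepare('SELECT blocked_until FROM ip_block WHERE ip = ?');
    $q->execute([$ip]);
    $until = $q->fetchColumn();             // false when no block row exists
    if ($until !== false && (int)$until > $now) {
        return false;                       // still inside the block period
    }
    // Record this attempt, then count this IP's attempts inside the window.
    $db->prepare('INSERT INTO submit_log (ip, ts) VALUES (?, ?)')->execute([$ip, $now]);
    $q = $db->prepare('SELECT COUNT(*) FROM submit_log WHERE ip = ? AND ts > ?');
    $q->execute([$ip, $now - WINDOW_SECS]);
    if ((int)$q->fetchColumn() > MAX_SUBMITS) {
        // REPLACE is accepted by both SQLite and MySQL.
        $db->prepare('REPLACE INTO ip_block (ip, blocked_until) VALUES (?, ?)')
           ->execute([$ip, $now + BLOCK_SECS]);
        return false;
    }
    return true;
}

// Housekeeping for a cron job: drop rows that can no longer affect a decision.
function purgeOld(PDO $db, int $now): void {
    $db->prepare('DELETE FROM submit_log WHERE ts <= ?')->execute([$now - WINDOW_SECS]);
    $db->prepare('DELETE FROM ip_block WHERE blocked_until <= ?')->execute([$now]);
}

// Demo with constructed values; in a request use $_SERVER['REMOTE_ADDR'] and time().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
initSchema($db);
$ip = '203.0.113.7';                        // constructed sample address
$t0 = 1700000000;                           // constructed timestamp
for ($i = 1; $i <= 6; $i++) {               // six submissions, one second apart
    echo "submit $i: ", allowSubmit($db, $ip, $t0 + $i) ? 'ok' : 'blocked', "\n";
}
echo 'after block expires: ', allowSubmit($db, $ip, $t0 + 6 + BLOCK_SECS + 1) ? 'ok' : 'blocked', "\n";
```

Behind a reverse proxy or load balancer, REMOTE_ADDR is the proxy's address, so the limit would hit every visitor at once unless the client address is taken from a header set by a proxy you trust.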