This page documents the ATTACK_DETECTION_MANY_URL_FIELDS configuration setting in FormMail.
Type Of Setting
ATTACK_DETECTION_MANY_URL_FIELDS is a RECOMMENDED setting, which means
you *should* change this setting. FormMail will work
with the default value, but you may lose functionality if you
don't modify this setting for your system.
Précis
Enables the "many fields with urls" detection.
Description
Set ATTACK_DETECTION_MANY_URL_FIELDS to non-zero if you want
FormMail's attack detection to check for the "many fields with
urls" attack.
This attack is similar to the one detected with
ATTACK_DETECTION_MANY_URLS, except that instead of lots of URLs
in one field, there are lots of fields with URLs in them.
This detection allows you to control how many fields on your forms
can contain URLs. You control how many fields will trigger the
attack detection and cause the submission to be ignored.
The purpose of the ATTACK_DETECTION_MANY_URL_FIELDS setting is to allow
you to ignore these attacks (no errors or alerts will be sent to you)
and to send the user/attacker to an explanatory page.
The default of 0 disables this detection. This is the best default value
because you might want your forms to have several fields where it's
OK for users to enter URLs.
To emphasize: this attack detection is off by default. You need
to explicitly enable it if you want to use it.
If you never ask for URLs on your forms, set this value to 1. This means that if just
one field contains a URL, an attack will be detected.
For a general-purpose contact form with a message area, the user may
want to send you some URLs in the message area, so a value of 2 is
appropriate (meaning that if 2 or more fields have a URL, then spam is
detected).
Note also the similar setting ATTACK_DETECTION_MANY_URLS.
You can enable both of these attack detections together because they
test for different things.
Note that FormMail only checks your form's data fields for this attack
detection. Special fields
are ignored because several of them are supposed to contain URLs.
define("ATTACK_DETECTION_MANY_URL_FIELDS",0);
Examples
define("ATTACK_DETECTION_MANY_URL_FIELDS",1);
define("ATTACK_DETECTION_MANY_URL_FIELDS",4);
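The following is an added sketch of how the threshold behaves, not FormMail's own code. The URL pattern, the list of skipped special fields, the function names and the sample submissions are all assumptions made for illustration.

```php
<?php
// Added illustration; FormMail's real matching rules may differ.
// Assumption: a field "contains a URL" if it matches this simple pattern.
const URL_PATTERN = '~\b(?:https?://|www\.)\S+~i';
// Assumption: illustrative subset of special fields, which are skipped.
const SPECIAL_FIELDS = ['good_url', 'bad_url', 'this_form'];

// Count the data fields whose value contains at least one URL.
function count_url_fields(array $fields): int
{
    $count = 0;
    foreach ($fields as $name => $value) {
        if (in_array($name, SPECIAL_FIELDS, true)) {
            continue; // special fields are expected to hold URLs
        }
        if (is_array($value)) { // multi-value field, e.g. checkboxes
            $value = implode(' ', array_filter($value, 'is_scalar'));
        }
        if (preg_match(URL_PATTERN, (string) $value) === 1) {
            $count++; // counted once per field, however many URLs it holds
        }
    }
    return $count;
}

// A threshold of 0 disables the check; otherwise N or more fields trigger it.
function is_many_url_fields_attack(array $fields, int $threshold): bool
{
    return $threshold > 0 && count_url_fields($fields) >= $threshold;
}

// Constructed sample submissions.
$samples = [
    'contact' => ['name' => 'Ann', 'email' => 'ann@example.com',
                  'message' => 'See https://example.com/page for details',
                  'good_url' => 'https://example.com/thanks'],
    'spam'    => ['name' => 'http://spam.example/a',
                  'company' => 'www.spam.example',
                  'message' => 'Buy now http://spam.example/b',
                  'good_url' => 'https://example.com/thanks'],
];
foreach ([0, 1, 2, 4] as $threshold) {
    foreach ($samples as $label => $fields) {
        printf("threshold=%d %-7s url_fields=%d attack=%s\n", $threshold, $label,
            count_url_fields($fields),
            is_many_url_fields_attack($fields, $threshold) ? 'yes' : 'no');
    }
}
```

Under these assumptions, the constructed contact submission is flagged at a value of 1 but not at 2, which is why 1 only suits forms that never ask for URLs.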
See Also
ENABLE_ATTACK_DETECTION
ALERT_ON_USER_ERROR
ATTACK_DETECTION_MANY_URLS