I'm just wondering if cron.php could be dangerous...

I mean, if anyone can run the script through any browser, it could be damned easy to write a script to make a lot of requests and cause the well-known denial of service attack.

Is this stupid? Is there some point I'm maybe missing?

Anyway this question worries me so any help would be appreciated.

Thanks in advance.

Comments

tostinni

What about making a check in cron.php to restrict access to only localhost?

Just an idea, don't work with it yet, or you can restrict access with .htaccess in Apache...
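
A sketch of the .htaccess restriction suggested above, added here as an example and not taken from the thread or from Drupal itself. It assumes the scheduled cron job requests cron.php over the loopback address (for example `http://localhost/cron.php`) and that Apache sees the real client address rather than a reverse proxy's:

```apache
# Place in the .htaccess of the directory that holds cron.php.
# Only requests originating on the server itself may reach the script;
# every other client receives 403 Forbidden before PHP is started.
<Files "cron.php">
  # Apache 2.4 and later (mod_authz_core)
  <IfModule mod_authz_core.c>
    Require local
  </IfModule>

  # Apache 2.2 and earlier (mod_authz_host, legacy syntax)
  <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 ::1
  </IfModule>
</Files>

# Caveat: if a reverse proxy or load balancer on the same host forwards
# traffic to Apache, every request appears to come from loopback and this
# rule allows all of them. In that setup, block cron.php at the proxy.
```

Requesting cron.php from another machine should then return 403, while the local scheduled job keeps working.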

dundun

It sounds great, thanks.

I will try the .htaccess way just in case.

Bèr Kessels

And what about the frontpage then? Or any other page? A DoS can be done anywhere.

And cron in Drupal does not do everything every time. Stuff is only performed if necessary. If you run it twice in 10 seconds (let's say) you will find that the second run does virtually nothing, other than load some code and do some ifs/elses. In any case it uses fewer resources than a normal pageview after ten seconds (without cache).

[Ber | Drupal Services webschuur.com]