02.20.07
The dangers of htaccess, wordpress, and rss feeds (or How To DOS attack your own site for shame and humiliation)
On friday night I decided to do a bit of a clean up, and removed some old code which was knocking about from the previous incarnation of coldclimate. In doing so I set myself up for a big fall, and caused a few headaches (and I lot of ear ache for my very wonderful hosts demandtechnologies). How you might ask - surely just deleting things means people get errors and not eat all your bandwidth? Surely it should go down if anything because you’re serving up (or rather not) the thing you deleted?
All very well put, but to get the fnky URLs that Wordpress is so handy for (I’d mujch rather have http://www.coldclimate.co.uk/2007/02/18/site-buggered/ than http://www.coldclimate.co.uk/?id=34567 ) you need to put a little file called htaccess into your directory. What this does is sets up rules for redirecting, so people going to http://www.coldclimate.co.uk/2007/02/18/site-buggered/ actually see a page which is served up by http://www.coldclimate.co.uk/index.php using the information that was passed as “2007/02/18/site-buggered/” in the url. Clever huh?
All goes well until it turned out I’d deleted the code which pulled in my posts from LibraryThing.com and last.fm via rss and displayed them. each and every page opened on coldclimate sent the page off looking for a file which is couldn’t file, and because it wasn’t there it redirected to index.php, which was then pulled, causing it to go looking for the rss feed, and on and on and on. Basically each page somebody tied to view caused 8megs of pages to be pulled form coldclimate, and fed back to itself.
Grand result - site ate up all the bandwidth going from the hosting, making it look like the entire site (as in building, not website) was being attacked, and it was all being directed at my site. Also, because it was repeatedly trying to pull other peoples stuff, they probably got upset too, thinging I was trying to get hold of their stuff 80million times an hour.
So - lessons learned. Watch your logs like a hawk! Code carefully, with error trapping. Include “RewriteOptions MaxRedirects=X" where X is the maximum number of times you don’t mind it having.
Be prepared to pull your whole site down at no notice to fix it, because you are screwing other people too.
[my][home][toon] » .htaccess redirects said,
January 31, 2008 at 12:16 am
[…] As that explaination probably made as much sense as Northern Rock shares, I’d recommend this comprehencive yet easy to understand guide to htaccess. Also rememeber that htaccess can really bugger you up too […]