Log in

View Full Version : Adding "noscript" before any db connection

yahsuah
03-07-2016, 06:27 PM
I need to add these codes <noscript><meta http-equiv="refresh" content="0; url=whatyouwant.html" /></noscript> to all of my pages, before any db connection.

I added it into top of my global.php but I get headers are already sent error. Same error for forumdisplay.php, showthread.php too.
Dave
03-07-2016, 06:31 PM
That's not possible due to how PHP works.

Browser > HTTP(S) request to the server > PHP script executed > DB connection > complete PHP script result returned to browser.
yahsuah
03-07-2016, 07:11 PM
That's not possible due to how PHP works.

Browser > HTTP(S) request to the server > PHP script executed > DB connection > complete PHP script result returned to browser.

Thank you for your explanation Dave. I don't have experience/knowledge about PHP.

I have been using this php script via include method in php: https://sourceforge.net/projects/iosec/

It is protecting us against DOS attacks. It is working in global.php (before all codes) It is checking/filtering the traffic before global.php codes.

I have been also using http://www.php-firewall.info via include method in php.

<?php

include('iosec.php'); //DOS FIREWALL

define('PHP_FIREWALL_REQUEST_URI', strip_tags( $_SERVER['REQUEST_URI'] ) );
define('PHP_FIREWALL_ACTIVATION', true );
if ( is_file( @dirname(__FILE__).'/xxxxxx/firewall.php' ) )
include_once( @dirname(__FILE__).'/xxxxxx/firewall.php' ); //HACK FIREWALL

...



I wonder how I can add a prevention for non-js bot traffic.
Dave
03-07-2016, 07:14 PM
You can add it to the headinclude template, but that's when PHP reaches the part where it fetches the templates in vBulletin, long after the initial database connection.
yahsuah
03-07-2016, 07:38 PM
You can add it to the headinclude template, but that's when PHP reaches the part where it fetches the templates in vBulletin, long after the initial database connection.

Yeah, this is where I reached...

I am following this script: https://github.com/JoeCurrie/PHP_BrowserValidation (for anti-ddos)

He may be successful...

--------------- Added 1457409995 at 1457409995 ---------------

I tried this: http://www.inspirationbit.com/php-js-detection-of-javascript-browser-settings/ but it didn't work, cause of security token problem.