I've got a system having a download.php page. The page takes and id and loads personal files according to in the DB Record after which serves up. I have observed a few instances where files are asked for multiple occasions in a nutshell time spans (20ms). Occasions which are too quick for human input. You will find lots of instances in which the downloader functions fine. However, in test in the downloader’s usage, Used to do see some interesting behavior.

For example, the Ip xxx.xxx.xxx.xxx (that is one out of a variety possessed by xxxxxx.p in Germany) found the website through Google. They looked at around after which found the page http://site.com/xxxx/press+125.php There they released a request /download.php?id=/ZZ/n+aH55Y= (a PDF) at 9:04:23AM. That alone isn't a large deal. However, what's interesting would be that the server appears to possess been quite preoccupied with serving that request. Within the logs the request first completes between 9:09:48 and 9:10:00. It appears such as the user should have become fed up with waiting throughout that point and asked for the document two more occasions. Between 09:14:47 and 09:15:00 exactly the same request seems again, except it's from 9:04:43AM, 20ms after the very first request. It appears another time, having a request that began at 09:05:06 finishing between 09:19:55 and 09:19:58!

I’m concered about that document. In searching with the logs I see other instances where it requires the server a while to deal with that file. Read this listing of demands from zzz.zzz.zzz.zzz[diverse from above] for that file /download.php?id=/ZZ/n+aH55Y= (exactly the same docuemnt as before):

Request time Complete Time 04:32:43 04:33:36 04:32:50 04:33:36 04:32:51 04:33:38 04:33:05 04:33:38 04:33:34 04:33:42 04:33:05 04:33:42

So something is certainly happening. Whether or not this has related to this unique document stumbling in the server, the download.php page’s code, or maybe we’re just seeing evidence of some server level overload because it plays out instantly I’m not sure.

In justness, you will find other cases of people installing /download.php?id=/ZZ/n+aH55Y= (exactly the same PDF) without error. However, it's interesting the multiple processes only appear to occur with that one file, after which only when it's utilized with the page http://site.com/press+125.php . It bears further analysis if there’s something amiss within the code that triggers the machine to fireplace off multiple download demands that occupy the server.

I'm not sure if the press+125.php is really a rabbit hole, but there's strange consicence.

Any ideas? I am totally from ideas. Apache at their maximum? Such things as that.

///DOWNLOAD.php
$file = new files();
$file->comparison_filter("id", "=", $id); //sql to load
if ($file->load()) {
    $file->serve(); 
}


//FILES
function serve() {  
        if ($this->is_loaded) {
            if (file_exists($this->get_value("filename"))) {
                if ($this->get_value("content_type") != "") {
                    header("Content-Type: " . $this->get_value("content_type"));
                }       
                header("Content-Length: " . filesize($this->get_value("filename")));
                if ($this->get_value("flag_image") == 0 || $this->get_value("flag_image") == false) {
                    header("Cache-Control: private");
                    header("Content-Disposition: attachment; filename=" . urlencode($this->get_value("original_filename")));
                }

                set_time_limit(0);
                @readfile($this->get_value("filename"));

                exit;
            }
        }
}

Make use of a CDN network for file downloads. They'll handle this for you personally, and plus offer you bandwidth and scalability. Forget about lock ups in your server. http://www.reelseo.com/free-cdn-velocix/

  1. Perhaps you have examined User-Agent and Referer headers in HTTP request?
  2. Why don't you serving all static files from apache or anything you have? If you wish to track download stats you are able to perform a redirect of your stuff script to static file.

Add '%D %X' for your logging config - I expect which will answer many questions you may have.

C.