This page documents the ATTACK_DETECTION_MANY_URL_FIELDS configuration setting in FormMail.
Type Of Setting
ATTACK_DETECTION_MANY_URL_FIELDS is a RECOMMENDED setting, which means...
RECOMMENDED : you *should* change this setting. FormMail will work with the default value, but you may lose functionality if you don't modify this setting for your system.
Précis
Enables the "many fields with urls" detection.
Description
Set ATTACK_DETECTION_MANY_URL_FIELDS to non-zero if you want FormMail's attack detection to check for the "many fields with urls" attack.
This attack is similar to the one detected with ATTACK_DETECTION_MANY_URLS, except that instead of lots of URLs in one field, there are lots of fields with URLs in them.
This detection allows you to control how many fields on your forms can contain URLs. You control how many fields will trigger the attack detection and cause the submission to be ignored.
The purpose of the ATTACK_DETECTION_MANY_URL_FIELDS setting is to allow you to ignore these attacks (no errors or alerts will be sent to you) and to send the user/attacker to an explanatory page.
The default of 0 disables this detection. This is the best default value because you might want your forms to have several fields where it's OK for users to enter URLs.
To emphasize: this attack detection is off by default. You need to explicitly enable it if you want to use it.
If you never ask for URLs on your forms, set this value to 1. This means that if just one field contains a URL, an attack will be detected.
For a general purpose contact form with a message area, the user may want to send you some URLs in the message area, so a value of 2 is appropriate (meaning that if 2 or more fields have a URL, then spam is detected).
Note also the similar setting ATTACK_DETECTION_MANY_URLS. You can enable both of these attack detections together because they test for different things.
Note that FormMail only checks your form's data fields for this attack detection. Special fields are ignored because several of them are supposed to contain URLs.
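The threshold behaviour described above, as an added PHP example (this is not FormMail's own code). The URL pattern, the list of special field names, the function names and the sample submission are assumptions made for illustration; FormMail's actual URL test and special-field list may differ.

```php
<?php
// Added illustration only; not taken from FormMail's source.

// Assumption: a simple pattern for "looks like a URL".
const URL_PATTERN = '~(?:https?://|www\.)[^\s<>"\']+~i';

// Assumption: example special fields, skipped because they are meant to hold URLs.
const SPECIAL_FIELDS = ['good_url', 'bad_url', 'this_form'];

/** Return the names of the data fields that contain at least one URL. */
function fieldsWithUrls(array $submission): array
{
    $hits = [];
    foreach ($submission as $name => $value) {
        if (in_array($name, SPECIAL_FIELDS, true)) {
            continue; // special fields are not counted
        }
        // Multi-value fields (e.g. checkbox groups) arrive as arrays: flatten them.
        $values = is_array($value) ? $value : [$value];
        $text = '';
        array_walk_recursive($values, function ($v) use (&$text) {
            $text .= ' ' . $v;
        });
        // A field counts once, however many URLs it holds.
        if (preg_match(URL_PATTERN, $text) === 1) {
            $hits[] = $name;
        }
    }
    return $hits;
}

/** True when the number of URL-bearing data fields reaches the threshold. */
function isManyUrlFieldsAttack(array $submission, int $threshold): bool
{
    if ($threshold <= 0) {
        return false; // 0 disables the detection
    }
    return count(fieldsWithUrls($submission)) >= $threshold;
}

// Constructed sample submission: two data fields contain URLs.
$submission = [
    'realname' => 'Alex Example',
    'email'    => 'alex@example.com',
    'website'  => 'https://example.com/',
    'mesg'     => 'See http://example.org/a and http://example.org/b',
    'good_url' => 'https://example.com/thanks.html', // special field, ignored
];
foreach ([0, 1, 2, 4] as $threshold) {
    $verdict = isManyUrlFieldsAttack($submission, $threshold) ? 'ignored as attack' : 'accepted';
    printf("threshold=%d -> %s\n", $threshold, $verdict);
}
```

With this sample, thresholds 1 and 2 treat the submission as an attack, while 0 and 4 accept it. The two URLs in the message field count as a single field, which is the difference from ATTACK_DETECTION_MANY_URLS.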
Default Value
From version 9 onwards:
$ATTACK_DETECTION_MANY_URL_FIELDS = 0;
Before version 9:
define("ATTACK_DETECTION_MANY_URL_FIELDS",0);
Examples
From version 9 onwards:
$ATTACK_DETECTION_MANY_URL_FIELDS = 1;
Before version 9:
define("ATTACK_DETECTION_MANY_URL_FIELDS",1);
From version 9 onwards:
$ATTACK_DETECTION_MANY_URL_FIELDS = 4;
Before version 9:
define("ATTACK_DETECTION_MANY_URL_FIELDS",4);