Just a general approach to such a situation. Not a comprehensive solution ...

1. Attempt to validate properties below the Application Layer of the OSI model.

   1.0 Validate IP address and other Transport and Network Layer properties as required.

   1.1 Log Transport and Network Layer connections and scrutinise.

2. Attempt to validate Application Layer properties of the OSI model.

   2.0 Validate/Authenticate Application Layer/HTTP access to documents. Set up authentication for
       HTTP server usage.

   2.1 Validate Application Layer HTTP header parameters.

3. Attempt to validate Application Layer connection/session properties and input data.

   3.0 Validate Application Layer document-specific access. Session id token combined with IP
       address and/or other parameters via some sort of encoding technique. A user/password auth
       combination with perhaps 'CAPTCHA' techniques to validate the user login.

   3.1 Validate session form input. Use hidden form values, data length checks, valid characters and/or
       words. Validate input times so that input doesn't come too quickly or too late.

   3.2 Log important events such as logins and form input with appropriate client/session data.

   3.3 Scrutinise event logs ... form input/submissions, authentication etc.

Logging events is important for validation as well as other reasons. If a determined or experienced bastard
passes all of the validation checks, you can always check the logs for patterns. Random or not, you
will notice patterns and can take appropriate action. Beware of blocking/black-listing certain IPs though; you may end up blocking a completely okay network because somebody spoofed an IP or block.

It is easy to spoof Network and Transport Layer packet properties, as well as Application Layer properties such
as the document referrer etc., but if you have no validation, you have no security.

By no means have I listed every possible validation method nor may I be 100% on target.
I have just listed a general layered overview. There are suggestions already mentioned in this thread/node,
but don't stop there. Think about the type of situation you have and apply a security measure to match. Common sense.

Update (:-s) : Fixed some HTML formatting

In reply to Re: Validation Validation Validation by kabeldag
in thread newb: Best way to protect CGI from non-form invocation? by JCHallgren
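The following is an added example, not code from kabeldag's post or from the thread, showing how items 3.0 to 3.2 above can look in a Perl CGI handler: a hidden form token that binds the session id to the client IP and issue time (the post does not specify an encoding scheme, so an HMAC from the core Digest::SHA module is assumed here), length and character checks on the submitted fields, a timing check that rejects submissions arriving too quickly or too late, and one log line per submission carrying the client/session data needed to spot patterns later. The parameter names, the secret, the limits and the sample submissions are all constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Hypothetical server-side secret. In a real deployment load it from a file
# outside the document root rather than hard-coding it.
my $SECRET = 'example-secret-change-me';

# 3.0: hidden form token binding session id, client IP and issue time.
# The HMAC scheme is an assumption for this example; the post leaves the
# "encoding technique" open.
sub make_form_token {
    my ($session_id, $ip, $issued) = @_;
    my $mac = hmac_sha256_hex("$session_id|$ip|$issued", $SECRET);
    return "$issued.$mac";
}

# 3.1: validate submitted fields. Returns a list of problems (empty if OK).
sub validate_form {
    my ($param, $client_ip, $now) = @_;
    my @problems;

    # Hidden form value: recompute the MAC for this session/IP and compare.
    my ($issued, $mac) = split /\./, ($param->{token} // ''), 2;
    if (!defined $mac || $issued !~ /^\d+$/) {
        push @problems, 'token missing or malformed';
    } else {
        my $expect = hmac_sha256_hex("$param->{sid}|$client_ip|$issued", $SECRET);
        push @problems, 'token does not match session/IP' if $expect ne $mac;

        # Input timing: too quick suggests a script rather than a person,
        # too late suggests a stale or replayed form. Limits are examples.
        my $age = $now - $issued;
        push @problems, 'submitted too quickly' if $age < 2;
        push @problems, 'form expired'          if $age > 900;
    }

    # Data length and allowed-character checks (printable ASCII only here;
    # a site accepting non-ASCII input would need proper UTF-8 handling).
    my $user = $param->{username} // '';
    push @problems, 'username length'     unless length($user) >= 3 && length($user) <= 32;
    push @problems, 'username characters' unless $user =~ /\A[A-Za-z0-9_.-]+\z/;

    my $comment = $param->{comment} // '';
    push @problems, 'comment too long'               if length($comment) > 2000;
    push @problems, 'comment has control characters' if $comment =~ /[^\x20-\x7E\r\n\t]/;

    return @problems;
}

# 3.2: one log line per submission with the client/session data the post
# says to keep, so the logs can be scrutinised for patterns later (3.3).
sub log_event {
    my ($event, $client_ip, $sid, @detail) = @_;
    my $ts = scalar gmtime;
    return sprintf "%s %s ip=%s sid=%s %s\n", $ts, $event, $client_ip, $sid, join(';', @detail);
}

# Demonstration with constructed data: one well-formed submission, and one
# with a too-short username that arrives from a different IP than the one
# the token was issued to.
my $now  = time;
my $sid  = 'abc123';
my $good = {
    sid      => $sid,
    username => 'monk_42',
    comment  => 'Hello, Monastery.',
    token    => make_form_token($sid, '192.0.2.10', $now - 30),
};
my $bad = { %$good, username => 'x' };

for my $case ([$good, '192.0.2.10'], [$bad, '198.51.100.7']) {
    my ($p, $ip) = @$case;
    my @problems = validate_form($p, $ip, $now);
    print log_event(@problems ? 'REJECT' : 'ACCEPT', $ip, $p->{sid}, @problems);
}
```

In a real CGI script the parameter hash would come from the request (for example via a CGI parser's param method) and the client IP from the REMOTE_ADDR environment variable; the log line would be appended to a file outside the document root rather than printed. Binding the token to the client IP is the trade-off the post warns about: clients behind a proxy whose address changes mid-session will be rejected, so the check belongs alongside the logging rather than as the only gate.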
