CostaRico / yii2-images

Yii2-images - behavior-based module for resizing, storing, caching and attaching images.
160 stars 98 forks

Site may be attacked by several requests to generate huge images (DDOS) #49

Closed s-o-f closed 8 years ago

s-o-f commented 8 years ago

Let's say I have a gallery with high-resolution images on my site. I'm using this extension, and the URLs to images would be: /yii2images/images/image-by-item-and-alias.html?item=Gallery&dirtyAlias=1234451233-1.jpg

The original image has a big resolution and a big size (more than 3Mb). If someone tries to open a URL like this: /yii2images/images/image-by-item-and-alias.html?item=Gallery&dirtyAlias=1234451233-1_10000.jpg, the server will generate an image with 10000px width. This operation is very heavy for the server. An attacker can send several requests to generate numerous images:

/yii2images/...1234451233-1_10001.jpg
/yii2images/....1234451233-1_10002.jpg
...
/yii2images/....1234451233-1_19001.jpg
/yii2images/...1234451233-1_19002.jpg

In this case the extension can't use the cache for images, and your server will generate more than 10000 images or will crash. Also, the free space on your HDD will quickly run out (an image with 10000px width is very huge).

So the approach for generating images must be reworked.

CostaRico commented 8 years ago

Yep, I know it. You could prevent an attack with your web server settings. Also, it's possible to develop a whitelist of allowed sizes.
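An added illustration of the whitelist approach mentioned above; this is example code, not part of yii2-images. It assumes the dirty alias has the form `<alias>[_<width>[x<height>]].<ext>` (the width-only `_10000` form is the one shown in the issue) and that `ALLOWED_SIZES` holds the only sizes the site actually uses.

```php
<?php
// Example (not yii2-images code): reject any requested size that is not on a
// fixed allow-list BEFORE any resize work or disk write happens, so a request
// for 1234451233-1_10000.jpg costs a regex match and a 404, not a 10000px render.

/** Sizes the site really uses (assumed values); everything else is refused. */
const ALLOWED_SIZES = ['50x50', '200', '800x600'];

/**
 * Split a dirty alias into alias, optional size and extension.
 * Returns null when the alias is malformed (unexpected characters,
 * non-numeric size, unknown extension), which is also refused.
 */
function parseDirtyAlias(string $dirtyAlias): ?array
{
    $re = '/^([A-Za-z0-9-]+?)(?:_(\d+(?:x\d+)?))?\.(jpe?g|png|gif)$/i';
    if (!preg_match($re, $dirtyAlias, $m)) {
        return null;
    }
    return [
        'alias' => $m[1],
        'size'  => $m[2] !== '' ? $m[2] : null, // unmatched optional group is ''
        'ext'   => strtolower($m[3]),
    ];
}

/** The original (no size suffix) is always fine; a size must match exactly. */
function isAllowedSize(?string $size): bool
{
    return $size === null || in_array($size, ALLOWED_SIZES, true);
}

/** Single decision a controller can call; false should become a 404 response. */
function requestedSizeIsAllowed(string $dirtyAlias): bool
{
    $parts = parseDirtyAlias($dirtyAlias);
    return $parts !== null && isAllowedSize($parts['size']);
}

// Constructed sample aliases: the original, a legitimate thumbnail, two of the
// attacker-chosen sizes from the issue, and a malformed value.
foreach (['1234451233-1.jpg', '1234451233-1_200.jpg', '1234451233-1_10000.jpg',
          '1234451233-1_19002.jpg', '1234451233-1_abc.jpg'] as $alias) {
    printf("%-24s %s\n", $alias, requestedSizeIsAllowed($alias) ? 'serve' : '404');
}
```

Because the check happens before the image is opened, every rejected request also leaves no file behind in the cache directory, which addresses the disk-space half of the report.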