Freeze break request: drop http requests from abusive ip
Kevin Fenzi
kevin at scrye.com
Tue Oct 29 16:36:54 UTC 2013
Greetings.
The last few days we have been getting 1000's of connections to
dl.fedoraproject.org from a .ru ip address. They seem to launch
thousands of downloads at once. This is causing download servers to
alert about max processes and possibly not serve content to others.
I'd like to block them in httpd for now:
(note, IP changed below, since I don't think we want to point out this IP address
for all time in our mail archives. The NN.NN.NN.NN will be replaced with the final IP
when the commit is pushed)
+1's?
kevin
--
diff --git a/modules/fedora-web/files/redirects.conf b/modules/fedora-web/files/redirects.conf
index bbd3ced..717c3fe 100644
--- a/modules/fedora-web/files/redirects.conf
+++ b/modules/fedora-web/files/redirects.conf
@@ -15,6 +15,10 @@ RewriteCond %{HTTP_REFERER} ^http://.*/feed/index\.php\?pid2=.*&sid2=.*&mb2=.*&p
RewriteCond %{HTTP_REFERER} ^http://playdot.net/.*$
RewriteRule .* - [F]
+# Drop connections from .ru site thats spawning thousands of connections at a time.
+RewriteCond %{REMOTE_ADDR} ^NN\.NN\.NN\.NN$
+RewriteRule .* - [F]
+
# Comment this when there is a prerelease available
#RewriteRule ^(/.*)?/get-prerelease.*$ $1/get-fedora [R=302]
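Review bot: The added comment says "Drop connections", but `RewriteRule .* - [F]` does not drop anything: httpd still accepts the connection, hands it to a worker, and answers with 403 Forbidden. Each of the thousands of simultaneous requests will therefore still occupy a process briefly, so the max-processes alerts may continue, only with shorter-lived requests. Suggest rewording the comment to say what the rule does (for example "Return 403 to ..."), fixing "thats" to "that's", and, since the mail describes this as a block "for now", adding a date or a removal note to the comment so the rule does not outlive its purpose. If the process alerts persist after this lands, a block at the packet filter in front of httpd would be the follow-up, since that is the only layer that actually refuses the connection.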