Thanks for all the responses on this. After watching the error logs on the production server I saw tons of infinite redirect loops on calls for admin_media:
"GET /admin_media/js/jqu///////////404.shtml/ HTTP/1.1" 302 - ... This wasn't immediately apparent since the admin *seemed* to look and work properly. But that prompted me to poke around in the vhost definition for the admin_media alias, and sure enough, discovered we had two copies of Django installed in the virualenv - one in src and one in lib/pythton2.7/site-packages. The vhost alias for admin_media was pointing to the wrong version, so some of the admin media worked while some did not. Basically, all of those bad requests were opening TCP connections that never got closed... which the firewall's CT_LIMIT feature noticed and blocked. To fix, I corrected the admin_media alias in the vhost and deleted the old Django installation. Thanks again. -- You received this message because you are subscribed to the Google Groups "Django users" group. To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/haoFj0tyzNIJ. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
