If they're nasty enough, though, they'll drown your Apache or Tomcat
server in replying with 403s. I've had times that I needed to be
absolutely merciless and block at the firewall level, using iptables;
then they don't even get as far as userspace.

On Tue, 2007-10-30 at 14:01 -0500, Tim Donohue wrote:
> George,
>
> We had a similar problem to this one in the past (a year or so ago). I
> just flat out blocked the IP altogether (not even specific to
> /bitstream/) via this Apache configuration:
>
> <Location />
>   Order Allow,Deny
>   Deny from {malicious ip}
>   Allow from all
> </Location>
>
> This looks similar to your config though (except it blocks all access
> from that IP).
>
> - Tim
>
> George Kozak wrote:
> > Hi...
> >
> > I am having a problem with an IP that keeps sending thousands of "GET
> > /bitstream/..." requests for the same item.
> >
> > I have placed the following in my Apache.conf file:
> >
> > <Directory /bitstream/>
> > Options Indexes FollowSymLinks MultiViews
> > AllowOverride All
> > Order allow,deny
> > allow from all
> > deny from {malicious ip}
> > </Directory>
> >
> > I also placed the following in my server.xml in Tomcat:
> > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> > deny="xxx\.xxx\.xxx\.xx" />
> >
> > However, this person still seems to be getting through. My Java
> > process is running from 50%-80% CPU usage. Does anyone have a good
> > idea on how to shut out a malicious IP in DSpace?
> >
> > ***************************
> > George Kozak
> > Coordinator
> > Web Development and Management
> > Digital Media Group
> > 501 Olin Library
> > Cornell University
> > 607-255-8924
> > ***************************
> > [EMAIL PROTECTED]
> >
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc.
> > Still grepping through log files to find problems? Stop.
> > Now Search log events and configuration files using AJAX and a browser.
> > Download your FREE copy of Splunk now >> http://get.splunk.com/
> > _______________________________________________
> > DSpace-tech mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/dspace-tech
> >
>
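An added example, not part of any message in this thread: one way to find which clients are hammering /bitstream/ and prepare the iptables block mentioned at the top. It assumes Apache's combined log format; the function names and the sample log lines are made up for illustration, and the rules are only printed, not applied.

```sh
#!/bin/sh
# Added example, not from the thread. The log lines are constructed;
# 192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges.
sample_log() {
  for i in 1 2 3 4 5; do
    echo "192.0.2.10 - - [30/Oct/2007:14:00:0$i -0500] \"GET /bitstream/123456789/42/1/item.pdf HTTP/1.1\" 200 5120"
  done
  echo '198.51.100.7 - - [30/Oct/2007:14:00:06 -0500] "GET /bitstream/123456789/42/1/item.pdf HTTP/1.1" 200 5120'
  echo '198.51.100.7 - - [30/Oct/2007:14:00:07 -0500] "GET /handle/123456789/42 HTTP/1.1" 200 900'
}

# Usage: bitstream_offenders THRESHOLD < access_log
# Prints "COUNT IP", busiest first, for every client with at least
# THRESHOLD "GET /bitstream/..." requests (combined log format assumed).
bitstream_offenders() {
  awk -v min="$1" '
    # Count only well-formed IPv4 clients so a junk first field can never
    # end up inside a command that is later run as root.
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
    $6 == "\"GET" && index($7, "/bitstream/") == 1 { hits[$1]++ }
    END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
  ' | sort -rn
}

# Usage: drop_rules THRESHOLD < access_log
# Dry run: prints one iptables command per offender instead of running it.
# -I inserts at the top of INPUT so the DROP is hit before any ACCEPT rule.
drop_rules() {
  bitstream_offenders "$1" | while read -r count ip; do
    echo "iptables -I INPUT -s $ip -j DROP # $count /bitstream/ requests"
  done
}

# With the constructed sample, only 192.0.2.10 reaches the threshold of 5.
sample_log | drop_rules 5
```

Review the printed rules before running them as root, and pick the threshold from your own traffic so that legitimate crawlers and proxies are not caught.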