Thanks, Cory...

I discussed the firewall with our IT people, but for now, it looks 
like (keeping my fingers crossed) the last change that I made 
(that was suggested by Tim) is working.  However, if I get 
clobbered again, I will probably go with the firewall block.

At 03:14 PM 10/30/2007, Cory Snavely wrote:
>If they're nasty enough, though, they'll drown your Apache or Tomcat
>server in replying with 403s. I've had times that I needed to be
>absolutely merciless and block at the firewall level, using iptables;
>then they don't even get as far as userspace.
>
>On Tue, 2007-10-30 at 14:01 -0500, Tim Donohue wrote:
> > George,
> >
> > We had a similar problem to this one in the past (a year or so ago).  I
> > just flat out blocked the IP altogether (not even specific to
> > /bitstream/) via this Apache configuration:
> >
> > <Location />
> >      Order Allow,Deny
> >
> >      Deny from {malicious ip}
> >
> >      Allow from all
> > </Location>
> >
> > This looks similar to your config though (except it blocks all access
> > from that IP).
> >
> > - Tim
> >
> > George Kozak wrote:
> > > Hi...
> > >
> > > I am having a problem with an IP that keeps sending thousands of "GET
> > > /bitstream/..." requests for the same item.
> > >
> > > I have placed the following in my Apache.conf file:
> > >
> > > <Directory /bitstream/>
> > > Options Indexes FollowSymLinks MultiViews
> > > AllowOverride All
> > > Order allow,deny
> > > allow from all
> > > deny from {malicious ip}
> > > </Directory>
> > >
> > > I also placed the following in my server.xml in Tomcat:
> > > <Valve className="org.apache.catalina.valves.RemoteAddrValve"
> > > deny="xxx\.xxx\.xxx\.xx" />
> > >
> > > However, this person still seems to be getting through.  My java
> > > process is running from 50%-80% CPU usage.  Does anyone have a good
> > > idea on how to shut out a malicious IP in DSpace?
> > >
> > > ***************************
> > > George Kozak
> > > Coordinator
> > > Web Development and Management
> > > Digital Media Group
> > > 501 Olin Library
> > > Cornell University
> > > 607-255-8924
> > > ***************************
> > > [EMAIL PROTECTED]
> > >
> > >
> > > -------------------------------------------------------------------------
> > > This SF.net email is sponsored by: Splunk Inc.
> > > Still grepping through log files to find problems?  Stop.
> > > Now Search log events and configuration files using AJAX and a browser.
> > > Download your FREE copy of Splunk now >> http://get.splunk.com/
> > > _______________________________________________
> > > DSpace-tech mailing list
> > > [email protected]
> > > https://lists.sourceforge.net/lists/listinfo/dspace-tech
> > >
> >
>

***************************
George Kozak
Coordinator
Web Development and Management
Digital Media Group
501 Olin Library
Cornell University
607-255-8924
***************************
[EMAIL PROTECTED] 
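
Added example, not part of the original thread or any poster's code: a shell sketch that finds clients sending repeated "GET /bitstream/..." requests in an Apache access log and prints, without running, the kind of iptables rule the firewall-level block in this thread refers to. The function names, the threshold, port 80, the common/combined log format and the sample log lines are all assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: list clients hammering /bitstream/ and print firewall rules.
# Assumes Apache common/combined log format: $1 = client, $6 = "GET, $7 = path.

# Print "<count> <ip>" for each IPv4 client with at least $2 GET /bitstream/ hits.
bitstream_offenders() {
    awk -v min="$2" '
        # Accept only dotted-quad clients so nothing else reaches a rule line.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
        $6 == "\"GET" && index($7, "/bitstream/") == 1 { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' "$1" | sort -rn
}

# Turn that list into iptables commands. They are only printed, never executed,
# so an operator can review each address before applying it as root.
block_rules() {
    bitstream_offenders "$1" "$2" | while read -r count ip; do
        echo "iptables -I INPUT -s $ip -p tcp --dport 80 -j DROP  # $count hits"
    done
}

# Constructed sample log (documentation addresses, made-up item paths).
sample_log() {
    i=0
    while [ "$i" -lt 5 ]; do
        echo '203.0.113.7 - - [30/Oct/2007:14:00:01 -0500] "GET /bitstream/123456789/1/item.pdf HTTP/1.1" 200 5120'
        i=$((i + 1))
    done
    echo '198.51.100.4 - - [30/Oct/2007:14:00:02 -0500] "GET /bitstream/123456789/2/other.pdf HTTP/1.1" 200 900'
    echo '198.51.100.4 - - [30/Oct/2007:14:00:03 -0500] "GET /handle/123456789/2 HTTP/1.1" 200 700'
}

tmp=$(mktemp)
sample_log > "$tmp"
block_rules "$tmp" 3    # threshold of 3 is arbitrary for the sample
rm -f "$tmp"
```

Because the rule drops packets in the kernel, the blocked client never reaches Apache or Tomcat at all, unlike the `Deny from` and `RemoteAddrValve` settings, which still cost a 403 response per request.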

