You can block ip addresses at the postgreSQL level in the pg_hba.conf file. Here is a person I blocked by ip address who was sending all kinds of GET requests to our DSpace server:
host all all malicious.ip 255.255.255.255 reject Sue Walker-Thornton NASA Langley Research Center ConITS Contract 757-224-4074 [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mika Stenberg Sent: Wednesday, October 31, 2007 6:00 AM To: dspace-tech@lists.sourceforge.net Subject: Re: [Dspace-tech] Blocking a malicious user We've had problems like that as well. Blocking specific IP's works only for a while since many bots and spammers seem to change their IP frequently. We didnt come up with a decent solution for this, but blocking an entire country of origin for a period of time has been on my mind. Managing the allowed requests / timeslot for a specific IP might also do the trick. -Mika > If they're nasty enough, though, they'll drown your Apache or Tomcat > server in replying with 403s. I've had times that I needed to be > absolutely merciless and block at the firewall level, using iptables; > then they don't even get as far as userspace. > > On Tue, 2007-10-30 at 14:01 -0500, Tim Donohue wrote: > > George, > > > > We had a similar problem to this one in the past (a year or so ago). I > > > just flat out blocked the IP altogether (not even specific to > > /bitstream/) via this Apache configuration: > > > > <Location /> > > Order Allow,Deny > > > > Deny from {malicious ip} > > > > Allow from all > > </Location> > > > > This looks similar to your config though (except it blocks all access > > from that IP). > > > > - Tim > > > > George Kozak wrote: > > > Hi... > > > > > > I am having a problem with an IP that keeps sending thousands of "GET > > > > /bitstream/..." requests for the same item. > > > > > > I have placed the following in my Apache.conf file: > > > > > > <Directory /bitstream/> > > > Options Indexes FollowSymLinks MultiViews > > > AllowOverride All > > > Order allow,deny > > > allow from all > > > deny from {malicious ip} > > > </Directory> > > > > > > I also placed the following in my server.xml in Tomcat: > > > <Valve className="org.apache.catalina.valves.RemoteAddrValve" > > > deny="xxx\.xxx\.xxx\.xx" /> > > > > > > However, this person still seems to be getting through. My java > > > process is running from 50%-80% CPU usage. Does anyone have a good > > > idea on how to shutout a malicious IP in DSpace? > > > > > > *************************** > > > George Kozak > > > Coordinator > > > Web Development and Management > > > Digital Media Group > > > 501 Olin Library > > > Cornell University > > > 607-255-8924 > > > *************************** > > > [EMAIL PROTECTED] > > > > > > > > > > ------------------------------------------------------------------------ - > > > This SF.net email is sponsored by: Splunk Inc. > > > Still grepping through log files to find problems? Stop. > > > Now Search log events and configuration files using AJAX and a > browser. > > > Download your FREE copy of Splunk now >> http://get.splunk.com/ > > > _______________________________________________ > > > DSpace-tech mailing list > > > DSpace-tech@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/dspace-tech > > > > > > > ------------------------------------------------------------------------ - > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > DSpace-tech mailing list > DSpace-tech@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/dspace-tech > > ------------------------------------------------------------------------ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech