Hi Sue, pg_hba.conf only controls who can communicate with Postgres, not who can communicate with DSpace.
Normally it is only 'applications' (e.g. DSpace) that talk to Postgres, not users. A user talks to DSpace, who in turn talks to Postgres. Postgres has no idea or interest in the IP address of the user who is using DSpace, only that of the DSpace application. Therefore adding malicious IP address into that config file will sadly have no effect. You have to block users higher in the stack, either at the application level (apache or tomcat directives), or at the network level (firewall changes). Thanks, Stuart _________________________________________________________________ Gwasanaethau Gwybodaeth Information Services Prifysgol Aberystwyth Aberystwyth University E-bost / E-mail: [EMAIL PROTECTED] Ffon / Tel: (01970) 622860 _________________________________________________________________ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thornton, Susan M. (LARC-B702)[NCI INFORMATION SYSTEMS] Sent: 31 October 2007 17:51 To: Mika Stenberg; dspace-tech@lists.sourceforge.net Subject: Re: [Dspace-tech] Blocking a malicious user You can block ip addresses at the postgreSQL level in the pg_hba.conf file. Here is a person I blocked by ip address who was sending all kinds of GET requests to our DSpace server: host all all malicious.ip 255.255.255.255 reject Sue Walker-Thornton NASA Langley Research Center ConITS Contract 757-224-4074 [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mika Stenberg Sent: Wednesday, October 31, 2007 6:00 AM To: dspace-tech@lists.sourceforge.net Subject: Re: [Dspace-tech] Blocking a malicious user We've had problems like that as well. Blocking specific IP's works only for a while since many bots and spammers seem to change their IP frequently. We didnt come up with a decent solution for this, but blocking an entire country of origin for a period of time has been on my mind. Managing the allowed requests / timeslot for a specific IP might also do the trick. -Mika > If they're nasty enough, though, they'll drown your Apache or Tomcat > server in replying with 403s. I've had times that I needed to be > absolutely merciless and block at the firewall level, using iptables; > then they don't even get as far as userspace. > > On Tue, 2007-10-30 at 14:01 -0500, Tim Donohue wrote: > > George, > > > > We had a similar problem to this one in the past (a year or so ago). I > > > just flat out blocked the IP altogether (not even specific to > > /bitstream/) via this Apache configuration: > > > > <Location /> > > Order Allow,Deny > > > > Deny from {malicious ip} > > > > Allow from all > > </Location> > > > > This looks similar to your config though (except it blocks all access > > from that IP). > > > > - Tim > > > > George Kozak wrote: > > > Hi... > > > > > > I am having a problem with an IP that keeps sending thousands of "GET > > > > /bitstream/..." requests for the same item. > > > > > > I have placed the following in my Apache.conf file: > > > > > > <Directory /bitstream/> > > > Options Indexes FollowSymLinks MultiViews > > > AllowOverride All > > > Order allow,deny > > > allow from all > > > deny from {malicious ip} > > > </Directory> > > > > > > I also placed the following in my server.xml in Tomcat: > > > <Valve className="org.apache.catalina.valves.RemoteAddrValve" > > > deny="xxx\.xxx\.xxx\.xx" /> > > > > > > However, this person still seems to be getting through. My java > > > process is running from 50%-80% CPU usage. Does anyone have a good > > > idea on how to shutout a malicious IP in DSpace? > > > > > > *************************** > > > George Kozak > > > Coordinator > > > Web Development and Management > > > Digital Media Group > > > 501 Olin Library > > > Cornell University > > > 607-255-8924 > > > *************************** > > > [EMAIL PROTECTED] > > > > > > > > > > ------------------------------------------------------------------------ - > > > This SF.net email is sponsored by: Splunk Inc. > > > Still grepping through log files to find problems? Stop. > > > Now Search log events and configuration files using AJAX and a > browser. > > > Download your FREE copy of Splunk now >> http://get.splunk.com/ > > > _______________________________________________ > > > DSpace-tech mailing list > > > DSpace-tech@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/dspace-tech > > > > > > > ------------------------------------------------------------------------ - > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > DSpace-tech mailing list > DSpace-tech@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/dspace-tech > > ------------------------------------------------------------------------ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech ------------------------------------------------------------------------ - This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ DSpace-tech mailing list DSpace-tech@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/dspace-tech