On 2026-06-26 at 07:38:30 UTC-0400 (Fri, 26 Jun 2026 13:38:30 +0200)
Tom Hendrikx <[email protected]>
is rumored to have said:
On 6/26/26 11:38, Benny Pedersen via users wrote:
Kevin A. McGrail skrev den 2026-06-26 03:53:
Amen
jehova :-)
should it not just be running on 127.0.0.1 ? and create results to
live servers presenting the results, it does not need to be 0.0.0.0
while computing imho, lesson learned here
My firsthunch was (and I'm guessing Benny suggests same thing here) is
that the RuleQA webserver should not be on the same machine as the
actual RuleQA processing stuff, assuming that the DDOS is over HTTP.
Maybe an aggressive caching reverse HTTP proxy would be enough?
That would be great, but at present ASF is only providing one VM per
project. As of yesterday, this is a pretty beefy one.
Then we could allowlist the rsync submitters (at least to an ISP range
if a single IP doesn't suffice) and close public access to the RuleQA
backend server altogether?
Probably these ideas have already been catered and discarded for
reasons beyond my knowledge, but I'm still putting them here in case
it might help someone.
It's the simplest reason in IT: time and money. ASF is a charitable
entity which does not give donors any governance privileges, so we don't
have the same sort of resources that donor-run foundations may have.
So far (a bit over a day...) it looks like the latest mitigation is
doing a good job.
--
Bill Cole
[email protected] or [email protected]
(AKA @[email protected] and many *@billmail.scconsult.com
addresses)
Please keep discussion mailing list replies *on-list*
Not Currently Available For Hire