On 2026-06-26 at 07:38:30 UTC-0400 (Fri, 26 Jun 2026 13:38:30 +0200)
Tom Hendrikx <[email protected]>
is rumored to have said:

On 6/26/26 11:38, Benny Pedersen via users wrote:
Kevin A. McGrail skrev den 2026-06-26 03:53:
Amen

jehova :-)

should it not just be running on 127.0.0.1 ? and create results to live servers presenting the results, it does not need to be 0.0.0.0 while computing imho, lesson learned here


My firsthunch was (and I'm guessing Benny suggests same thing here) is that the RuleQA webserver should not be on the same machine as the actual RuleQA processing stuff, assuming that the DDOS is over HTTP. Maybe an aggressive caching reverse HTTP proxy would be enough?

That would be great, but at present ASF is only providing one VM per project. As of yesterday, this is a pretty beefy one.

Then we could allowlist the rsync submitters (at least to an ISP range if a single IP doesn't suffice) and close public access to the RuleQA backend server altogether?

Probably these ideas have already been catered and discarded for reasons beyond my knowledge, but I'm still putting them here in case it might help someone.

It's the simplest reason in IT: time and money. ASF is a charitable entity which does not give donors any governance privileges, so we don't have the same sort of resources that donor-run foundations may have.

So far (a bit over a day...) it looks like the latest mitigation is doing a good job.



--
 Bill Cole
 [email protected] or [email protected]
(AKA @[email protected] and many *@billmail.scconsult.com addresses)
 Please keep discussion mailing list replies *on-list*
 Not Currently Available For Hire

Reply via email to