[CentOS-mirror] Chinese IPs - Mirror Stats

Karanbir Singh mail-lists at karan.org
Sat Jan 23 13:58:26 UTC 2010


On 01/22/2010 02:19 PM, Prof. P. Sriram wrote:
>> an example - adsl2+ brings in approx 16Mbps downstram, thats plenty of
>> connectivity for most offices with<= 50 employes who mostly only do
> Is it 'reasonable' for such an organization to be generating more than 5
> active connections to a single upstream mirror? And that too after

If there are dozens of computers behind that nat ip, then yes - its 
quite expected for them to generate more than a few connections per minute.

> receiving a 503 service unavailable message? That is what it will take to
> get on the netblock list for an hour. You may disagree, but I think this
> is a reasonable restriction to keep the server available and protected
> from (ab)users.

on a 503, yum will fall back to the next mirror in the mirrorlist. 
However, it wont stop it from attempting a connection - and your machine 
will keep them on the blacklist

>> How about turning off 'RANGE' requests in httpd ? is that an option.
> Maybe it was a version thing, but the url rewriting did not work on the
> server in question.

byte range  partial gets are a http 1.1 thing arnt they ? If you want to 
stick with 1.1, you can still disable them with unset header, and remove 
that from the request completely.

iirc, kernel.org and heanet.ie both have partial gets disabled, wonder 
if they will share some info on how they are doing this and what their 
recommended solution to this sort of heavy hitrate from small number of 
ip's is.

- KB


More information about the CentOS-mirror mailing list