<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p>This is an old problem, I have already re-posted the solution
      once - the original author was the TUNA Mirror Team.</p>
    <p><a class="moz-txt-link-freetext" href="https://lists.centos.org/pipermail/centos-mirror/2020-October/024445.html">https://lists.centos.org/pipermail/centos-mirror/2020-October/024445.html</a></p>
    <p>Maybe it would be a good idea to add this info to the CentOS wiki
      <a class="moz-txt-link-freetext" href="https://wiki.centos.org/HowTos/CreatePublicMirrors">https://wiki.centos.org/HowTos/CreatePublicMirrors</a> , so it
      wouldn't be "loop" asked again.<br>
    </p>
    <p>By the way, if a mirror/firewall can't handle a few 403 requests
      from a few hosts then it's really a big problem. ;)<br>
      <br>
    </p>
    <p>Have a nice day!</p>
    <p><br>
    </p>
    <p>Cheers,</p>
    <p>Peter<br>
    </p>
    <p><br>
    </p>
    <div class="moz-cite-prefix">On 2022. 04. 27. 20:55, Paul Mezzanini
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAO4KOCYC268Y1iODzoaC4VZq_hyfuxgep8ZLEx+W=fRgUu5mHg@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">We've been noticing the exact same behaviour and
        are still discussing internally the best way to address it.</div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr" class="gmail_attr">On Wed, Apr 27, 2022 at 2:28
          PM Stephen Smoogen <<a href="mailto:ssmoogen@redhat.com"
            moz-do-not-send="true">ssmoogen@redhat.com</a>> wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px
          0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
          <div dir="ltr">
            <div dir="ltr"><br>
            </div>
            <br>
            <div class="gmail_quote">
              <div dir="ltr" class="gmail_attr">On Wed, 27 Apr 2022 at
                14:16, Russell Jones <<a
                  href="mailto:arjones85@gmail.com" target="_blank"
                  moz-do-not-send="true">arjones85@gmail.com</a>>
                wrote:<br>
              </div>
              <blockquote class="gmail_quote" style="margin:0px 0px 0px
                0.8ex;border-left:1px solid
                rgb(204,204,204);padding-left:1ex">
                <div dir="ltr">
                  <div>So, for whatever reason my mirror seems to be
                    getting targeted by China:</div>
                  <div><br>
                  </div>
                  <div><font face="monospace">[root@repos ~]# tail -f
                      access.log | grep 403<br>
                      112.22.135.89 - - [27/Apr/2022:13:10:52 -0500]
                      "GET
                      /centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2009.iso
                      HTTP/1.1" 403 153 "-" "curl/7.29.0"<br>
                    </font></div>
                </div>
              </blockquote>
              <div><br>
              </div>
              <div><deleted> </div>
              <blockquote class="gmail_quote" style="margin:0px 0px 0px
                0.8ex;border-left:1px solid
                rgb(204,204,204);padding-left:1ex">
                <div dir="ltr">
                  <div><font face="arial, sans-serif">I geoblocked the
                      country about a week ago, but the requests haven't
                      stopped. It was at the level that it was maxing
                      out my 1gbit/sec link until I did something.</font></div>
                  <div><font face="arial, sans-serif"><br>
                    </font></div>
                  <div><font face="arial, sans-serif">Anyone else seeing
                      anything similar?</font></div>
                  <div><font face="arial, sans-serif"><br>
                    </font></div>
                </div>
              </blockquote>
              <div><br>
              </div>
              <div>I have seen this going for about 10 years with
                different mirrors. The connections are one of three
                things:</div>
              <div>1. Automated downloaders getting blocked by
                Great-Firewall configurations getting to a certain point</div>
              <div>2. Malware installed on a lot of systems being
                commanded to download the software and desist. This is
                usually done to cause bandwidth issues all through the
                stack. They are either getting stopped by firewalls or
                just stopping the connections themselves as part of the
                badness.</div>
              <div><br>
              </div>
              <div>From mirror managing Fedora, number 2 seems to be
                more likely as a lot of the IP addresses doing this
                never show up on asking mirrormanager for downloads.
                Instead they seem to have gotten a list of mirrors from
                some third party and are being commanded to do the
                infinite downloads. I don't know if this is similar with
                what is going on now. </div>
              <div><br>
              </div>
              <div> </div>
              <blockquote class="gmail_quote" style="margin:0px 0px 0px
                0.8ex;border-left:1px solid
                rgb(204,204,204);padding-left:1ex">
                <div dir="ltr">
                  <div><font face="arial, sans-serif"><br>
                    </font></div>
                  <div><font face="arial, sans-serif"><br>
                    </font></div>
                </div>
                _______________________________________________<br>
                CentOS-mirror mailing list<br>
                <a href="mailto:CentOS-mirror@centos.org"
                  target="_blank" moz-do-not-send="true">CentOS-mirror@centos.org</a><br>
                <a
                  href="https://lists.centos.org/mailman/listinfo/centos-mirror"
                  rel="noreferrer" target="_blank"
                  moz-do-not-send="true">https://lists.centos.org/mailman/listinfo/centos-mirror</a><br>
              </blockquote>
            </div>
            <br clear="all">
            <div><br>
            </div>
            -- <br>
            <div dir="ltr">
              <div dir="ltr">
                <div>Stephen Smoogen, Red Hat Automotive<br>
                </div>
                Let us be kind to one another, for most of us are
                fighting a hard battle. -- Ian MacClaren<br>
              </div>
            </div>
          </div>
          _______________________________________________<br>
          CentOS-mirror mailing list<br>
          <a href="mailto:CentOS-mirror@centos.org" target="_blank"
            moz-do-not-send="true">CentOS-mirror@centos.org</a><br>
          <a
            href="https://lists.centos.org/mailman/listinfo/centos-mirror"
            rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.centos.org/mailman/listinfo/centos-mirror</a><br>
        </blockquote>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
CentOS-mirror mailing list
<a class="moz-txt-link-abbreviated" href="mailto:CentOS-mirror@centos.org">CentOS-mirror@centos.org</a>
<a class="moz-txt-link-freetext" href="https://lists.centos.org/mailman/listinfo/centos-mirror">https://lists.centos.org/mailman/listinfo/centos-mirror</a>
</pre>
    </blockquote>
  </body>
</html>