<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>This is an old problem, I have already re-posted the solution
once - the original author was the TUNA Mirror Team.</p>
<p><a class="moz-txt-link-freetext" href="https://lists.centos.org/pipermail/centos-mirror/2020-October/024445.html">https://lists.centos.org/pipermail/centos-mirror/2020-October/024445.html</a></p>
<p>Maybe it would be a good idea to add this info to the CentOS wiki
<a class="moz-txt-link-freetext" href="https://wiki.centos.org/HowTos/CreatePublicMirrors">https://wiki.centos.org/HowTos/CreatePublicMirrors</a>, so it
wouldn't be "loop" asked again.<br>
</p>
<p>By the way, if a mirror/firewall can't handle a few 403 requests
from a few hosts then it's really a big problem. ;)<br>
<br>
</p>
<p>Have a nice day!</p>
<p><br>
</p>
<p>Cheers,</p>
<p>Peter<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 2022. 04. 27. 20:55, Paul Mezzanini
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAO4KOCYC268Y1iODzoaC4VZq_hyfuxgep8ZLEx+W=fRgUu5mHg@mail.gmail.com">
<div dir="ltr">We've been noticing the exact same behaviour and
are still discussing internally the best way to address it.</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, Apr 27, 2022 at 2:28
PM Stephen Smoogen &lt;<a href="mailto:ssmoogen@redhat.com"
moz-do-not-send="true">ssmoogen@redhat.com</a>&gt; wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div dir="ltr"><br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Wed, 27 Apr 2022 at
14:16, Russell Jones &lt;<a
href="mailto:arjones85@gmail.com" target="_blank"
moz-do-not-send="true">arjones85@gmail.com</a>&gt;
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div>So, for whatever reason my mirror seems to be
getting targeted by China:</div>
<div><br>
</div>
<div><font face="monospace">[root@repos ~]# tail -f
access.log | grep 403<br>
112.22.135.89 - - [27/Apr/2022:13:10:52 -0500]
"GET
/centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2009.iso
HTTP/1.1" 403 153 "-" "curl/7.29.0"<br>
</font></div>
</div>
</blockquote>
<div><br>
</div>
<div>&lt;deleted&gt; </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div><font face="arial, sans-serif">I geoblocked the
country about a week ago, but the requests haven't
stopped. It was at the level that it was maxing
out my 1gbit/sec link until I did something.</font></div>
<div><font face="arial, sans-serif"><br>
</font></div>
<div><font face="arial, sans-serif">Anyone else seeing
anything similar?</font></div>
<div><font face="arial, sans-serif"><br>
</font></div>
</div>
</blockquote>
<div><br>
</div>
<div>I have seen this going for about 10 years with
different mirrors. The connections are one of three
things:</div>
<div>1. Automated downloaders getting blocked by
Great-Firewall configurations getting to a certain point</div>
<div>2. Malware installed on a lot of systems being
commanded to download the software and desist. This is
usually done to cause bandwidth issues all through the
stack. They are either getting stopped by firewalls or
just stopping the connections themselves as part of the
badness.</div>
<div><br>
</div>
<div>From mirror managing Fedora, number 2 seems to be
more likely as a lot of the IP addresses doing this
never show up on asking mirrormanager for downloads.
Instead they seem to have gotten a list of mirrors from
some third party and are being commanded to do the
infinite downloads. I don't know if this is similar with
what is going on now. </div>
<div><br>
</div>
<div> </div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div><font face="arial, sans-serif"><br>
</font></div>
<div><font face="arial, sans-serif"><br>
</font></div>
</div>
_______________________________________________<br>
CentOS-mirror mailing list<br>
<a href="mailto:CentOS-mirror@centos.org"
target="_blank" moz-do-not-send="true">CentOS-mirror@centos.org</a><br>
<a
href="https://lists.centos.org/mailman/listinfo/centos-mirror"
rel="noreferrer" target="_blank"
moz-do-not-send="true">https://lists.centos.org/mailman/listinfo/centos-mirror</a><br>
</blockquote>
</div>
<br clear="all">
<div><br>
</div>
-- <br>
<div dir="ltr">
<div dir="ltr">
<div>Stephen Smoogen, Red Hat Automotive<br>
</div>
Let us be kind to one another, for most of us are
fighting a hard battle. -- Ian MacClaren<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</blockquote>
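<p>An added example, not code from anyone in this thread: a summary of refused requests per client from a combined-format access log like the one quoted above. It matches on the status field itself, whereas <code>grep 403</code> also matches a byte count or path containing "403". The sample lines are constructed and the function names are hypothetical.</p>

```python
import re
from collections import Counter, defaultdict

# Combined log format: ip ident user [time] "METHOD path proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) (\d+|-) "[^"]*" "([^"]*)"$'
)

ISO = "/centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2009.iso"
# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = [
    f'192.0.2.10 - - [27/Apr/2022:13:10:52 -0500] "GET {ISO} HTTP/1.1" 403 153 "-" "curl/7.29.0"',
    f'192.0.2.10 - - [27/Apr/2022:13:10:53 -0500] "GET {ISO} HTTP/1.1" 403 153 "-" "curl/7.29.0"',
    f'192.0.2.10 - - [27/Apr/2022:13:10:54 -0500] "GET {ISO} HTTP/1.1" 403 153 "-" "curl/7.29.0"',
    # Status 200 with a 403-byte body: a substring match would count this line too.
    '198.51.100.7 - - [27/Apr/2022:13:10:55 -0500] "GET /centos/7/os/x86_64/repodata/repomd.xml HTTP/1.1" 200 403 "-" "urlgrabber/3.10"',
    f'203.0.113.5 - - [27/Apr/2022:13:10:56 -0500] "GET {ISO} HTTP/1.1" 403 153 "-" "curl/7.29.0"',
    'truncated or malformed line',
]

def parse_line(line):
    """Return (ip, path, status, bytes_sent, agent), or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ip, _method, path, status, size, agent = m.groups()
    return ip, path, int(status), 0 if size == "-" else int(size), agent

def summarize_denied(lines, status=403):
    """Aggregate responses with exactly this status code, keyed by client address."""
    summary = defaultdict(lambda: {"hits": 0, "bytes": 0, "paths": Counter(), "agents": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[2] != status:
            continue
        ip, path, _status, size, agent = rec
        entry = summary[ip]
        entry["hits"] += 1
        entry["bytes"] += size          # bytes actually sent for the refusals
        entry["paths"][path] += 1
        entry["agents"].add(agent)
    return dict(summary)

def repeat_clients(summary, min_hits=2):
    """Clients refused at least min_hits times, busiest first."""
    rows = [(ip, e["hits"]) for ip, e in summary.items() if e["hits"] >= min_hits]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for ip, hits in repeat_clients(summarize_denied(SAMPLE_LOG)):
        print(ip, hits)
```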
</body>
</html>