[CentOS-mirror] DOS attack downloading DVD isos

Fri Nov 20 08:26:36 UTC 2009
Mogens Kjaer <mk at crc.dk>

On 11/20/2009 12:50 AM, Bob Bownes wrote:
> Anyone else seeing high numbers of requests for the DVD isos from a few
> discrete locations? I'm getting multiple requests for DVDs from over 500
> separate locations.

I was hit by the same problem some time ago.

Redirecting HTTP requests to FTP solved the problem:

RewriteEngine On
RewriteCond     %{REQUEST_METHOD} GET
RewriteRule     ^(.*\.iso)$ ftp://ftp.crc.dk/pub/mirrors/$1  [L,R=301]

This rule redirects http://ftp.crc.dk/centos into
ftp://ftp.crc.dk/pub/mirrors/centos for .iso requests.

The "download managers" or whatever don't follow the 301 redirect;
browsers and wget do.

I also limit the number of FTP connections per IP.

Mogens

-- 
Mogens Kjaer, Carlsberg A/S, Computer Department
Gamle Carlsberg Vej 10, DK-2500 Valby, Denmark
Phone: +45 33 27 53 25, Mobile: +45 22 12 53 25
Email: mk at crc.dk Homepage: http://www.crc.dk
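
An added example, not part of the original post: a Python check over an Apache combined-format access log that lists clients which keep receiving the 301 for the same .iso path, meaning they never follow the redirect described above. The log lines, addresses, user agents, function names and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter

# Matches the start of an Apache combined-format line:
# client, ident, user, [time], "METHOD path proto", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

ISO = "/centos/5.4/isos/i386/CentOS-5.4-i386-bin-DVD.iso"

def _line(ip, ts, method, path, status, agent):
    """Build one constructed log line (illustrative data, not real traffic)."""
    return (f'{ip} - - [20/Nov/2009:{ts} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 312 "-" "{agent}"')

SAMPLE_LOG = "\n".join([
    _line("198.51.100.7", "08:00:01", "GET", ISO, 301, "dlmanager"),
    _line("198.51.100.7", "08:00:02", "GET", ISO, 301, "dlmanager"),
    _line("203.0.113.20", "08:00:03", "GET", ISO, 301, "Wget/1.11.4"),
    _line("198.51.100.7", "08:00:04", "GET", ISO, 301, "dlmanager"),
    _line("192.0.2.15", "08:00:05", "GET", "/centos/5.4/os/i386/repodata/repomd.xml", 200, "yum"),
    _line("198.51.100.7", "08:00:06", "GET", ISO, 301, "dlmanager"),
    "garbage line that does not parse",
])

def redirects_per_client(log_text):
    """Count 301 responses to GET requests for .iso paths, per (client, path)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        ip, method, path, status = m.groups()
        url_path = path.split("?", 1)[0]  # the rewrite pattern sees only the URL path
        if method == "GET" and url_path.endswith(".iso") and status == "301":
            counts[(ip, url_path)] += 1
    return counts

def clients_ignoring_redirect(log_text, threshold=3):
    """Clients redirected at least `threshold` times for the same .iso.

    A client that follows the 301 moves to FTP and normally shows up once
    per file; repeated 301s for one path mean the redirect is being ignored.
    """
    flagged = {}
    for (ip, _path), n in redirects_per_client(log_text).items():
        if n >= threshold:
            flagged[ip] = max(flagged.get(ip, 0), n)
    return flagged

if __name__ == "__main__":
    for ip, n in sorted(clients_ignoring_redirect(SAMPLE_LOG).items()):
        print(f"{ip} ignored the redirect {n} times")
```
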