[CentOS-mirror] Chinese IPs - Mirror Stats

Emil archive at ftp.sunet.se
Fri Jan 22 12:23:37 UTC 2010

--On fredag, januari 22, 2010 17.41.17 +0530 "Prof. P. Sriram" 
<sriram at ae.iitm.ac.in> wrote:

> On Fri, 22 Jan 2010, Karanbir Singh wrote:
>> On 01/22/2010 08:43 AM, Prof. P. Sriram wrote:
>> > We had a similar issue at the centos (and other stuff) mirror at
>> > ftp.iitm.ac.in some months ago. We have solved it effectively
>> > using per ip connection limit and fail2ban.
>> The problem with this is that you have efectively made your mirror
>> non  usable for office's and orgaisations that only have 1 ip
>> address to the  world. There are quite a few of them.
> I believe a correction might be in order - we have made it non-usable
> for  those that have 1 ip address and want to download at a rate
> exceeding 5  active connections per minute. Do you know of any such
> organizations?  Shouldn't they be enhancing their connectivity?

I'm not getting into the "right/or/wrong" aspects of this, as both
of you have valid points.

I'm curious though as why you block them completely, instead of just
have them put under some concurensy-limit.

As I understand it you are uinjecting rules to netfilter to have the
abusing addresses blocked, so I think it sould be simple enough to
put a limit on these addresses using the same injection mecanism. Or?


More information about the CentOS-mirror mailing list