On 01/22/2010 02:19 PM, Prof. P. Sriram wrote:
>> an example - adsl2+ brings in approx 16Mbps downstream, that's plenty of
>> connectivity for most offices with <= 50 employees who mostly only do
> Is it 'reasonable' for such an organization to be generating more than 5
> active connections to a single upstream mirror? And that too after

If there are dozens of computers behind that nat ip, then yes - it's quite expected for them to generate more than a few connections per minute.

> receiving a 503 service unavailable message? That is what it will take to
> get on the netblock list for an hour. You may disagree, but I think this
> is a reasonable restriction to keep the server available and protected
> from (ab)users.

on a 503, yum will fall back to the next mirror in the mirrorlist. However, it won't stop it from attempting a connection - and your machine will keep them on the blacklist

>> How about turning off 'RANGE' requests in httpd ? is that an option.
> Maybe it was a version thing, but the url rewriting did not work on the
> server in question.

byte range partial gets are a http 1.1 thing aren't they ? If you want to stick with 1.1, you can still disable them with unset header, and remove that from the request completely.

iirc, kernel.org and heanet.ie both have partial gets disabled, wonder if they will share some info on how they are doing this and what their recommended solution to this sort of heavy hitrate from small number of IPs is.

- KB
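The restriction debated in this message, modelled as an added example (not code from the thread or from any mirror's configuration), to show how hosts sharing one NAT address reach the netblock. The limit of 5 and the one-hour block come from the thread; the class, the function names, the rule that one further attempt after a 503 triggers the block, and the sample address are assumptions.

```python
# Added illustration; thresholds mirror the thread, the mechanics are assumed.
from collections import defaultdict

MAX_ACTIVE = 5        # "more than 5 active connections" (from the thread)
BLOCK_SECONDS = 3600  # "netblock list for an hour" (from the thread)

class MirrorLimiter:
    """Per-source-IP limiter: 503 when over the cap, netblock on a repeat."""

    def __init__(self):
        self.active = defaultdict(int)   # ip -> open connections
        self.warned = set()              # ips that already received a 503
        self.blocked_until = {}          # ip -> time at which the block expires

    def connect(self, ip, now):
        """Return 'ok', '503' or 'blocked' for a new connection at time now."""
        if self.blocked_until.get(ip, 0) > now:
            return "blocked"
        if self.active[ip] < MAX_ACTIVE:
            self.active[ip] += 1
            return "ok"
        if ip in self.warned:            # kept connecting after a 503
            self.blocked_until[ip] = now + BLOCK_SECONDS
            self.warned.discard(ip)
            return "blocked"
        self.warned.add(ip)
        return "503"

    def close(self, ip):
        """A download finished; free one slot for that source IP."""
        if self.active[ip] > 0:
            self.active[ip] -= 1

def simulate_office(hosts, nat_ip="203.0.113.10", start=0):
    """Constructed scenario: each host behind one NAT address opens one
    download, one second apart, and none has finished yet."""
    limiter = MirrorLimiter()
    results = [limiter.connect(nat_ip, start + i) for i in range(hosts)]
    return limiter, results

if __name__ == "__main__":
    _, outcome = simulate_office(8)
    print(outcome)
```
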