[CentOS-mirror] Suggestions needed for handling possible abuse

Sun Jul 21 21:30:17 UTC 2019
nzspiegel at e-dev.us <nzspiegel at e-dev.us>

Hello,

I wanted to ask the list for some feedback on how to handle potential 
abuse of a mirror. I noticed the following activity:

[root at centos4 17:22:47] ~ cat 
/var/log/nginx/centos4.zswap.net.access.log | grep -i firefox | grep 
1.2.3.4 | wc -l
935671

After some googling, The IP address is owned by a particular business, 
but I've redacted it here, to respect their privacy. Whilst it wouldn't 
be outrageous to have many systems running behind a NAT'd IP address 
needing updates, 935k requests for the firefox RPM seems a little over 
the top.

How do you all handle these kinds of things? Block their IP, reach out 
to them, or some other method?

I'd like to prevent this kind of activity, but not sure on the best 
approach to take. Obviously if I block them from my mirror, the behavior 
would most likely move over to someone else's.

Thoughts?
Thanks