[CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror
CEDIA FOSS Mirrors
mirror at cedia.org.ecMon Oct 12 15:42:25 UTC 2020
- Previous message: [CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror
- Next message: [CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
10/07/2020 21:50 - TUNA Mirror Team wrote: Hi, all
On our servers, the following UAs are blocked and similar repeated requests
against large iso files can be rejected:
map $http_user_agent $isbadbrowser {
default 0;
"~*Mozilla/5\.0 \(Linux; Android\)" 1;
"~*Chrome/49\.0\.2623\.87" 1;
"~*Firefox/3.6.3" 1;
}
According to our experience of operating largest mirror site in China, such
User-Agent list is able to protect against most of those traffic, IP blocking
is
not needed and the list didn't require an update for several years.
Great to know. I have just implemented it with your suggestion. I will monitor
the traffic for 2-3 days and see if it works.
thanks
epe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-mirror/attachments/20201012/420405ff/attachment.html>
- Previous message: [CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror
- Next message: [CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS-mirror mailing list