[CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror

Mon Oct 12 15:42:25 UTC 2020
CEDIA FOSS Mirrors <mirror at cedia.org.ec>

10/07/2020 21:50 - TUNA Mirror Team wrote: Hi, all

On our servers, the following UAs are blocked and similar repeated requests
against large iso files can be rejected:

map $http_user_agent $isbadbrowser {
 default 0;
 "~*Mozilla/5\.0 \(Linux; Android\)" 1;
 "~*Chrome/49\.0\.2623\.87" 1;
 "~*Firefox/3.6.3" 1;
}

According to our experience of operating largest mirror site in China, such
User-Agent list is able to protect against most of those traffic, IP blocking
is
not needed and the list didn't require an update for several years.
 
Great to know. I have just implemented it with your suggestion. I will monitor
the traffic for  2-3 days and see if it works.

thanks
epe

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-mirror/attachments/20201012/420405ff/attachment-0005.html>