[CentOS-mirror] [Ticket#2020100504000801] Potential DOS attack against a mirror

Thu Oct 15 15:10:43 UTC 2020
CEDIA FOSS Mirrors <mirror at cedia.org.ec>

10/12/2020 10:50 - CEDIA FOSS Mirrors via CentOS-mirror wrote: 10/07/2020
21:50 - TUNA Mirror Team wrote: Hi, all

On our servers, the following UAs are blocked and similar repeated requests
against large iso files can be rejected:

map $http_user_agent $isbadbrowser {
 default 0;
 "~*Mozilla/5\.0 \(Linux; Android\)" 1;
 "~*Chrome/49\.0\.2623\.87" 1;
 "~*Firefox/3.6.3" 1;
}

According to our experience of operating largest mirror site in China, such
User-Agent list is able to protect against most of those traffic, IP blocking
is
not needed and the list didn't require an update for several years.
 
Great to know. I have just implemented it with your suggestion. I will monitor
the traffic for  2-3 days and see if it works.
 
hi
just to let know that the traffic during this week has been lower than last
week when we blocked CN and way lower than 2 weeks ago when we have no control
implemented.

So to sum it up: as suggested by TUNA team, by blocking queries based on
misbehaved user-agents we were able to lower the traffic in a significant
amount (25-30% lower than 2 weeks ago).

regards
epe

thanks
epe

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-mirror/attachments/20201015/bc0f44a3/attachment-0005.html>