This is an old problem, I have already re-posted the solution once - the original author was the TUNA Mirror Team. https://lists.centos.org/pipermail/centos-mirror/2020-October/024445.html Maybe it would be a good idea to add this info to the CentOS wiki https://wiki.centos.org/HowTos/CreatePublicMirrors , so it wouldn't be "loop" asked again. By the way, if a mirror/firewall can't handle a few 403 requests from a few hosts then it's really a big problem. ;) Have a nice day! Cheers, Peter On 2022. 04. 27. 20:55, Paul Mezzanini wrote: > We've been noticing the exact same behaviour and are still discussing > internally the best way to address it. > > On Wed, Apr 27, 2022 at 2:28 PM Stephen Smoogen <ssmoogen at redhat.com > <mailto:ssmoogen at redhat.com>> wrote: > > > > On Wed, 27 Apr 2022 at 14:16, Russell Jones <arjones85 at gmail.com > <mailto:arjones85 at gmail.com>> wrote: > > So, for whatever reason my mirror seems to be getting targeted > by China: > > [root at repos ~]# tail -f access.log | grep 403 > 112.22.135.89 - - [27/Apr/2022:13:10:52 -0500] "GET > /centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2009.iso > HTTP/1.1" 403 153 "-" "curl/7.29.0" > > > <deleted> > > I geoblocked the country about a week ago, but the requests > haven't stopped. It was at the level that it was maxing out my > 1gbit/sec link until I did something. > > Anyone else seeing anything similar? > > > I have seen this going for about 10 years with different mirrors. > The connections are one of three things: > 1. Automated downloaders getting blocked by Great-Firewall > configurations getting to a certain point > 2. Malware installed on a lot of systems being commanded to > download the software and desist. This is usually done to cause > bandwidth issues all through the stack. They are either getting > stopped by firewalls or just stopping the connections themselves > as part of the badness. > > From mirror managing Fedora, number 2 seems to be more likely as a > lot of the IP addresses doing this never show up on asking > mirrormanager for downloads. Instead they seem to have gotten a > list of mirrors from some third party and are being commanded to > do the infinite downloads. I don't know if this is similar with > what is going on now. > > > > > > _______________________________________________ > CentOS-mirror mailing list > CentOS-mirror at centos.org <mailto:CentOS-mirror at centos.org> > https://lists.centos.org/mailman/listinfo/centos-mirror > > > > -- > Stephen Smoogen, Red Hat Automotive > Let us be kind to one another, for most of us are fighting a hard > battle. -- Ian MacClaren > _______________________________________________ > CentOS-mirror mailing list > CentOS-mirror at centos.org <mailto:CentOS-mirror at centos.org> > https://lists.centos.org/mailman/listinfo/centos-mirror > > > _______________________________________________ > CentOS-mirror mailing list > CentOS-mirror at centos.org > https://lists.centos.org/mailman/listinfo/centos-mirror -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos-mirror/attachments/20220427/88723a2c/attachment.html>