On 30.04.07 19:30, Daniel Appleby wrote:
> We have an issue where peoples boxes that have java installed basically
> hit our proxy continuously (java must get the settings from IE). The
> proxy requires auth so it sends back a 407. The java updater ignores
> this and tries again.
>
> So our logs fill up with machines (only takes one or two) requesting the
> same file and getting the same response time after time. This is most
> cases peoples laptops so we it's hard to police the machines as they
> come and go so quickly.
>
> A snip of the spam we get:
>
> 1173963552.808 1 128.184.46.108 TCP_DENIED/407 11494 GET
> http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi
> - NONE/- text/html
[repeates 10 times]
> Does anyone know a way to stop people doing this? I don't really want to
> iptables them off. Can you restrict the number of requests per ip to a file?
even if you would, they will still request for it, and become logged/denied.
You only can do things at firewall level, maybe limit number of connects per
second, if not denying them. Note that such limit should not apply on global
level, since other clients may use many connections per second too...
I don't think that this problme can be solved other way than fixing or
blocking those clients ...
-- Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The only substitute for good manners is fast reflexes.Received on Mon Apr 30 2007 - 03:34:32 MDT
This archive was generated by hypermail pre-2.1.9 : Tue May 01 2007 - 12:00:01 MDT