check_web_load plugin

Skip Montanaro skip at pobox.com
Wed Feb 4 00:07:30 CET 2004

Previous message: check_web_load plugin
Next message: Reports only show data from a specific time period?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Jason> One common problem with auto-blacklists like that is it can be
    Jason> used to DoS your host -- just start sending in spoofed IP
    Jason> addresses and get your host to blacklist its own GW or such.

Sure, you have to exercise due diligence, and I don't auto-blacklist any
address.  Before cutting off an IP address, I see if it will resolve,
traceroute it, and also have a look at my access_log to see what the pattern
of accesses looks like.  I'm more likely to cut some slack for the source if
it's an AOL address because I know they rely heavily on proxies.  If AOL
decides to feature my piddly little website on their home page (I should be
so lucky), I'll take my lumps.  In any case, the access pattern for 10,000
AOL users coming through a handful of AOL proxies is going to be a lot
different than the access pattern of a single cretin harvesting email
addresses from his about-to-be-shit-canned DSL address.  Also, note that the
AOL phenomenon probably wouldn't rate a Nagios warning anyway.  It's likely
that multiple proxies would be hitting my site, so the top two client IP
addresses would probably have similar numbers of accesses.

In any case, it doesn't really matter if the IP address is spoofed or not,
if the requests show clear evidence that a crawler is simply marching
through my site link-by-link and making my web server unusable I have no
real choice but to block it.  The issue for me is detecting that situation
before my server's load average exceeds the national speed limit.  After a
few hours I can execute my enable-host function to delete the blocking route
anyway.  Nothing's permanent.

Skip


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: check_web_load plugin
Next message: Reports only show data from a specific time period?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list