此内容没有您所选择的语言版本。

2.8. Banning IP Addresses That Overload Applications


If an application user accesses an application with excessive frequency, you can block that user by banning their IP address.

Note

The ban instituted by the following procedure applies to all gears on the node host, including the over-accessed gear.

Procedure 2.5. To Ban an IP Address:

  1. Run the following command to view a CNAME to the node host where the application's gear is located:
    # dig appname-domain.example.comdig appname-domain.example.com
    Copy to Clipboard Toggle word wrap
  2. On the node host identified in the previous step, check the application's apache logs for unusual activity. For example, a high frequency of accesses (3 to 5 per second) from the same IP address in the access_log file may indicate abuse:
    # tail -f /var/lib/openshift/appUUID/appname/logs/*tail -f /var/lib/openshift/appUUID/appname/logs/*tail -f /var/lib/openshift/appUUID/appname/logs/*tail -f /var/lib/openshift/appUUID/appname/logs/*tail -f /var/lib/openshift/appUUID/appname/logs/*
    Copy to Clipboard Toggle word wrap
  3. Ban the offending IP addresses by placing them in iptables, running the following command for each IP address:
    # iptables -A INPUT -s IP_address -j DROPiptables -A INPUT -s IP_address -j DROPiptables -A INPUT -s IP_address -j DROP
    Copy to Clipboard Toggle word wrap
  4. If you are using a configuration management system, configure it appropriately to ban the offending IP addresses. For non-managed configurations, save your new iptables rules:
    # service iptables save
    Copy to Clipboard Toggle word wrap
返回顶部
Red Hat logoGithubredditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。 了解我们当前的更新.

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

Theme

© 2025 Red Hat