此内容没有您所选择的语言版本。
2.8. Banning IP Addresses That Overload Applications
If an application user accesses an application with excessive frequency, you can block that user by banning their IP address.
Note
The ban instituted by the following procedure applies to all gears on the node host, including the over-accessed gear.
Procedure 2.5. To Ban an IP Address:
- Run the following command to view a CNAME to the node host where the application's gear is located:
dig appname-domain.example.com
# dig appname-domain.example.comdig appname-domain.example.com
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - On the node host identified in the previous step, check the application's apache logs for unusual activity. For example, a high frequency of accesses (3 to 5 per second) from the same IP address in the
access_log
file may indicate abuse:tail -f /var/lib/openshift/appUUID/appname/logs/*
# tail -f /var/lib/openshift/appUUID/appname/logs/*tail -f /var/lib/openshift/appUUID/appname/logs/*tail -f /var/lib/openshift/appUUID/appname/logs/*tail -f /var/lib/openshift/appUUID/appname/logs/*tail -f /var/lib/openshift/appUUID/appname/logs/*
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Ban the offending IP addresses by placing them in iptables, running the following command for each IP address:
iptables -A INPUT -s IP_address -j DROP
# iptables -A INPUT -s IP_address -j DROPiptables -A INPUT -s IP_address -j DROPiptables -A INPUT -s IP_address -j DROP
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - If you are using a configuration management system, configure it appropriately to ban the offending IP addresses. For non-managed configurations, save your new iptables rules:
service iptables save
# service iptables save
Copy to Clipboard Copied! Toggle word wrap Toggle overflow