[Jenkins-infra] Excessive api/json access on ci.jenkins-ci.org
aheritier at gmail.com
Wed Oct 3 10:02:42 UTC 2012
eXo will make public various modules we developed for puppet :-)
Thus it will be easy to reuse them
On Tue, Oct 2, 2012 at 6:49 PM, Arnaud Héritier <aheritier at gmail.com> wrote:
> We don't have fail2ban (http://www.fail2ban.org/wiki/index.php/Main_Page)
> on these servers (I don't see it on cucumber and didn't find a module for
> it in puppet)?
> If you find it interesting I may ask to my boss to contribute our puppet
> module for it (it is simple and efficient to protect us against various
> On Tue, Oct 2, 2012 at 6:18 PM, R. Tyler Croy <tyler at monkeypox.org> wrote:
>> On Tue, 02 Oct 2012, Kohsuke Kawaguchi wrote:
>> > Since yesterday, HTTP service on cucumber is flipping on Nagios.
>> > I looked at mod_status output, and there are excessive number of
>> > requests to various JSON API endpoints. I manually baned two of them
>> > in iptables, but there seems to be a larger number of clients
>> > incurring more loads from all sorts of IP addresses. Interestingly,
>> > all the user agents are Apple WebKit.
>> > I suspect these requests are keeping Apache occupied and occasionally
>> > cause the service to exceed the 10 sec connection timeout.
>> > I need to head to JavaOne, but just wanted to share the outcome of my
>> > little investigation thus far.
>> > I wonder if we can strip away anonymous read access to
>> > ci.jenkins-ci.org from temporarily during JavaOne. I'd like apache to
>> > serve jenkins-ci.org, and this is the week we are getting extra
>> > visibility.
>> I went ahead and disabled anonymous read access temporarily.
>> - R. Tyler Croy
>> Code: https://github.com/rtyler
>> Chatter: https://twitter.com/agentdero
>> Jenkins-infra mailing list
>> Jenkins-infra at lists.jenkins-ci.org
> Arnaud Héritier
> Mail/GTalk: aheritier at gmail.com
> Twitter/Skype : aheritier
Mail/GTalk: aheritier at gmail.com
Twitter/Skype : aheritier
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Jenkins-infra