[Jenkins-infra] Excessive api/json access on ci.jenkins-ci.org
Arnaud Héritier
aheritier at gmail.com
Wed Oct 3 10:02:42 UTC 2012
Good news.
eXo will make public various modules we developed for puppet :-)
Thus it will be easy to reuse them
On Tue, Oct 2, 2012 at 6:49 PM, Arnaud Héritier <aheritier at gmail.com> wrote:
> We don't have fail2ban (http://www.fail2ban.org/wiki/index.php/Main_Page)
> on these servers (I don't see it on cucumber and didn't find a module for
> it in puppet)?
> If you find it interesting I may ask my boss to contribute our puppet
> module for it (it is simple and efficient to protect us against various
> attacks).
>
> On Tue, Oct 2, 2012 at 6:18 PM, R. Tyler Croy <tyler at monkeypox.org> wrote:
>
>>
>> On Tue, 02 Oct 2012, Kohsuke Kawaguchi wrote:
>>
>> > Since yesterday, HTTP service on cucumber is flipping on Nagios.
>> >
>> > I looked at mod_status output, and there is an excessive number of
>> > requests to various JSON API endpoints. I manually banned two of them
>> > in iptables, but there seems to be a larger number of clients
>> > incurring more loads from all sorts of IP addresses. Interestingly,
>> > all the user agents are Apple WebKit.
>> >
>> > I suspect these requests are keeping Apache occupied and occasionally
>> > cause the service to exceed the 10 sec connection timeout.
>> >
>> > I need to head to JavaOne, but just wanted to share the outcome of my
>> > little investigation thus far.
>> >
>> > I wonder if we can strip away anonymous read access to
>> > ci.jenkins-ci.org temporarily during JavaOne. I'd like apache to
>> > serve jenkins-ci.org, and this is the week we are getting extra
>> > visibility.
>>
>> I went ahead and disabled anonymous read access temporarily.
>>
>>
>> - R. Tyler Croy
>> --------------------------------------
>> Code: https://github.com/rtyler
>> Chatter: https://twitter.com/agentdero
>>
>
>
> --
> -----
> Arnaud Héritier
> 06-89-76-64-24
> http://aheritier.net
> Mail/GTalk: aheritier at gmail.com
> Twitter/Skype : aheritier
>
>
--
-----
Arnaud Héritier
06-89-76-64-24
http://aheritier.net
Mail/GTalk: aheritier at gmail.com
Twitter/Skype : aheritier
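
Added example, not part of the original thread or of any Jenkins or eXo code: a sliding-window check over Apache access log lines that flags clients making too many requests to `/api/json` endpoints, the same findtime/maxretry idea fail2ban applies. The combined log format, the thresholds, the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Apache common/combined log prefix: ip, ident, user, [time], "request", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<path>\S+)[^"]*" \d{3} '
)
# Jenkins exposes the JSON API under any URL ending in /api/json (optionally with a query).
API_RE = re.compile(r'/api/json(?:\?|$)')


def find_heavy_clients(lines, max_hits=5, window=timedelta(seconds=10)):
    """Return {ip: peak hit count} for clients that made more than max_hits
    requests to .../api/json inside any `window` (hypothetical thresholds)."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not API_RE.search(m.group("path")):
            continue              # unparsable line or not a JSON API request
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m.group("ip")]
        hits.append(ts)
        while ts - hits[0] > window:
            hits.popleft()        # drop requests older than the window
        if len(hits) > max_hits:
            peak[m.group("ip")] = max(peak.get(m.group("ip"), 0), len(hits))
    return peak


def sample_log():
    """Constructed sample lines using documentation IP ranges, not real traffic."""
    fmt = ('{ip} - - [02/Oct/2012:17:00:{s:02d} +0000] "GET {path} HTTP/1.1" '
           '200 512 "-" "Mozilla/5.0 AppleWebKit/536.26 (KHTML, like Gecko)"')
    lines = [fmt.format(ip="192.0.2.10", s=s, path="/job/example/api/json?depth=1")
             for s in range(8)]                     # 8 API hits in 8 seconds
    lines += [fmt.format(ip="198.51.100.7", s=s, path="/api/json")
              for s in (0, 20, 40)]                 # occasional API polling
    lines += [fmt.format(ip="203.0.113.5", s=s, path="/")
              for s in range(8)]                    # busy, but not the JSON API
    return lines


if __name__ == "__main__":
    for ip, count in find_heavy_clients(sample_log()).items():
        print(f"{ip}: {count} /api/json requests within the window")
```
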