Issue #283: Enhance wiki reliability - centos-infra

centos-infra

#283 Enhance wiki reliability

Closed: Fixed Apr 12, 2021 by arrfab. Opened Apr 9, 2021 by arrfab.

it's spammers/bots season again, so having to investigate new techniques to mitigate the load on wiki.

Issue status updated to: Open (was: Closed)

Apr 12, 2021

arrfab commented Apr 12, 2021

While I initially thought about using varnish as intermediate cache to not load httpd itself, I had a quick look at current load and kind of IP blocks that spammers were using.
I've currently mitigated this (so no varnish cache, but something to still consider eventually) with two things:

Adding https://iplists.firehol.org/?ipset=firehol_abusers_30d list to the current ipset list we have (through iptables roles)
Added mod_qos on httpd itself to mitigate flood if ip isn't listed (yet) in DenyList listed above

Closing for now has it already had a huge perf impact while keep service running and back to normal load (no more OOM for httpd processes)

Metadata Update from @arrfab:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

Apr 12, 2021

Metadata Update from @arrfab:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

Apr 12, 2021

Metadata

Assignee

arrfab

Tags

Blocking

None

Depending on

None

Priority

Low

centos-infra

#283 Enhance wiki reliability Closed: Fixed Apr 12, 2021 by arrfab. Opened Apr 9, 2021 by arrfab.

Metadata

centos-common-infra high-gain medium-trouble

#283 Enhance wiki reliability

Closed: Fixed Apr 12, 2021 by arrfab. Opened Apr 9, 2021 by arrfab.