On Mon, Apr 30, 2007, Daniel Appleby wrote: > Hi, > > We have an issue where peoples boxes that have java installed basically > hit our proxy continuously (java must get the settings from IE). The > proxy requires auth so it sends back a 407. The java updater ignores > this and tries again. > > So our logs fill up with machines (only takes one or two) requesting the > same file and getting the same response time after time. This is most > cases peoples laptops so we it's hard to police the machines as they > come and go so quickly. Ah, I remember this. The horrible jre downloader that (a) doesn't grok auth, and (b) fails miserably to wait anything longer than a few ms before retrying. I ended up just putting an ACL into Squid whenever I saw this and had the user contact us for "help". Alternatively you could just allow that particular URL non-authenticated access. Adrian > A snip of the spam we get: > > 1173963552.808 1 128.184.46.108 TCP_DENIED/407 11494 GET > http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi > - NONE/- text/html > 1173963552.810 1 128.184.118.146 TCP_DENIED/407 11494 GET > http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi > - NONE/- text/html > 1173963552.819 9 128.184.46.108 TCP_DENIED/407 11494 GET > http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi > - NONE/- text/html > 1173963552.822 1 128.184.46.108 TCP_DENIED/407 11494 GET > http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi > - NONE/- text/html > 1173963552.827 3 128.184.118.146 TCP_DENIED/407 11494 GET > http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi > - NONE/- text/html > 1173963552.828 2 128.184.46.108 TCP_DENIED/407 11494 GET > http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi > - NONE/- text/html > 1173963552.843 4 128.184.46.108 TCP_DENIED/407 11494 GET > http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi > - NONE/- text/html > 1173963552.843 4 128.184.118.146 TCP_DENIED/407 11494 GET > http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi > - NONE/- text/html > 1173963552.848 1 128.184.46.108 TCP_DENIED/407 11494 GET > http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi > - NONE/- text/html > 1173963552.853 1 128.184.46.108 TCP_DENIED/407 11494 GET > http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi > - NONE/- text/html > 1173963552.862 4 128.184.118.146 TCP_DENIED/407 11494 GET > http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi > - NONE/- text/html > 1173963552.863 3 128.184.46.108 TCP_DENIED/407 11494 GET > http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi > - NONE/- text/html > 1173963552.880 3 128.184.46.108 TCP_DENIED/407 11494 GET > http://java.sun.com/webapps/download/GetFile/1.5.0_03-b07/windows-i586/jre1.5.0_03.msi > - NONE/- text/html > > > Does anyone know a way to stop people doing this? I don't really want to > iptables them off. Can you restrict the number of requests per ip to a file? > > Thanks > Daniel > > -- > ----------------------------------------------------------------------------- > Daniel Appleby -- - Xenion - http://www.xenion.com.au/ - VPS Hosting - Commercial Squid Support - - $25/pm entry-level bandwidth-capped VPSes available in WA -