James,
On 6/27/24 11:47, James H. H. Lampert wrote:
> On 6/27/24 8:01 AM, Christopher Schultz wrote:
>> "100 404s in a minute per-IP"
>
> Actually, what I was seeing, once the webapp developer pointed me in the
> right direction, was several dozen 404s per *second* from a single IP.
>
> Not sure if Fail2ban would even work in this situation: like the
> overwhelming majority of the customer Tomcat installations we've done,
> this one is running on an IBM Midrange box (AS/400, iSeries, or whatever
> IBM is calling it this week). Which is probably how the huge amount of
> CPU usage was so easy to spot: WRKACTJOB is more user-friendly than any
> Linux-equivalent (or Mac-equivalent or WinDoze-equivalent) I've seen.

Yeah... some lazy Google searches for "fail2ban" along with various
synonyms for os/as/400 and ibm midrange don't come up with much.
I might reach out to your IBM contacts and/or OS/400 "community" to see
if anyone has any suggestions.
In the meantime, use whatever tools are at your disposal to just bin
every connection from that IP.
I found an article from 1998 on getting the OS/400 firewall up and
running. Evidently, there is a web interface for configuration. Maybe it
won't be a huge headache to simply firewall that IP out of your environment.
-chris
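
The "100 404s in a minute per-IP" check discussed in this thread, as an added example (not code from either poster or from Tomcat): a Python script that scans access-log lines and reports each client IP that reaches the threshold inside a sliding window. It assumes Tomcat's "common" AccessLogValve pattern; the function names, addresses and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed log layout: AccessLogValve pattern "common" = %h %l %u %t "%r" %s %b
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) \S+')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_404_floods(lines, threshold=100, window=timedelta(seconds=60)):
    """Return {ip: timestamp of the 404 that first reached the threshold}.

    Lines must be in chronological order, as an access log normally is.
    """
    recent = defaultdict(deque)  # ip -> timestamps of 404s still in the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(3) != "404":
            continue  # skip unparseable lines and anything that is not a 404
        ip, when = m.group(1), datetime.strptime(m.group(2), TIME_FMT)
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] >= window:  # expire hits older than the window
            hits.popleft()
        if len(hits) >= threshold and ip not in flagged:
            flagged[ip] = when
    return flagged

def constructed_sample():
    """Constructed log lines (documentation-range IPs), not from the thread."""
    base = datetime(2024, 6, 27, 8, 0, 0, tzinfo=timezone.utc)
    events = []
    for sec in range(3):  # noisy client: 40 404s per second for 3 seconds
        events += [(base + timedelta(seconds=sec), "203.0.113.7",
                    f"/probe{sec}_{i}", 404) for i in range(40)]
    for n in range(60):   # ordinary client: one stray 404 every 10 seconds
        t = base + timedelta(seconds=10 * n)
        events.append((t, "198.51.100.20", "/favicon.ico", 404))
        events.append((t, "198.51.100.20", "/app/index.jsp", 200))
    events.sort(key=lambda e: e[0])
    return [f'{ip} - - [{t.strftime(TIME_FMT)}] "GET {path} HTTP/1.1" {status} 0'
            for t, ip, path, status in events]

if __name__ == "__main__":
    for ip, when in find_404_floods(constructed_sample()).items():
        print(f"{ip} reached the 404 threshold at {when.isoformat()}")
```

The flagged addresses are the candidates for whatever blocking mechanism the platform offers, such as the firewall rule suggested above.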