If they are serious they use multiple IP addresses. If you are self
hosting, for a DOS case their is not much you can do other than blocking
the ip address(s) on the router.
Usually after a couple of days they get bored and try some where else.
It is worth having some internal filter mechanism in your app that
checks for page abuse, so they get 403's.
On 27/06/2024 16:47, James H. H. Lampert wrote:
On 6/27/24 8:01 AM, Christopher Schultz wrote:
"100 404s in a minute per-IP"
Actually, what I was seeing, once the webapp developer pointed me in
the right direction, was several dozen 404s per *second* from a single
IP.
Not sure if Fail2ban would even work in this situation: like the
overwhelming majority of the customer Tomcat installations we've done,
this one is running on an IBM Midrange box (AS/400, iSeries, or
whatever IBM is calling it this week). Which is probably how the huge
amount of CPU usage was so easy to spot: WRKACTJOB is more
user-friendly than any Linux-equivalent (or Mac-equivalent or
WinDoze-equivalent) I've seen.
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
