Archive for the 'Apache' Category

Blocking fight continues!

Tuesday, October 21st, 2008

OK, so today I noticed that the ranking ramp-up for a specific person still continues. I have blocked one device, but the other found another one, it seems.

Both devices are mobile phones of the same carrier - KDDI. Looks like some manager (the site is a talents' directory site) decided to rank his favorite pet up, no matter what, but it also looks like that person is only doing this from a mobile phone, and his carrier stands unchanged. So, I decided to tighten the block logic (if you can call that logic) on that specific person's profile.

Before, I was only blocking a specific User-Agent:

RewriteCond %{HTTP_USER_AGENT} "KDDI\-KC35 UP\.Browser/6\.2\.0\.5" [NC]
RewriteRule ^.*$ - [F,L]

The new approach is to block all mobile phones of the carrier in question that try to access the profile of the person in question, so the RewriteCond was changed to the following:

RewriteCond %{HTTP_USER_AGENT} "KDDI" [NC]
RewriteCond %{REQUEST_URI} "/ono/profile" [NC]
RewriteRule ^.*$ - [F,L]

So basically, the first line sets a rewrite condition that is true when the User-Agent of the device accessing the site contains the "KDDI" string (the name of the carrier), and the second line makes the block more specific, so that it applies only when the request is for the "/ono/profile" URI.

If both of these conditions are satisfied, the rewrite rule on the third line denies access to the page in question (the [F] flag returns 403 Forbidden).

OK. Let's see how the smarty pants manager deals with that ;)

Block Apache users based on their User-Agent

Friday, October 17th, 2008

On one of my servers, I was under some weird "ranking up!" attack, which basically was just a loop of requests to one user's profile (making that user's access count higher, and therefore ranking higher in the access top).

Here's what my Apache logs were telling me:

218.25.251.170 - - [17/Oct/2008:11:02:26 +0900] "GET /ono/profile HTTP/1.1" 200 2363 "-" "KDDI-KC35 UP.Browser/6.2.0.5 (GUI) MMP/2.0"
218.25.251.170 - - [17/Oct/2008:11:02:30 +0900] "GET /ono/profile HTTP/1.1" 200 2363 "-" "KDDI-KC35 UP.Browser/6.2.0.5 (GUI) MMP/2.0"
218.25.251.170 - - [17/Oct/2008:11:02:34 +0900] "GET /ono/profile HTTP/1.1" 200 2363 "-" "KDDI-KC35 UP.Browser/6.2.0.5 (GUI) MMP/2.0"

So, the flood of accesses was originating from some user who was using a KDDI-flavour browser (it is a mobile phone browser used in Japanese AU operator's phones).
Luckily, though we do support mobile browsers to a degree, that's not the main feature of the site, so I have decided I can block that specific browser without affecting too many users (if any).
There are actually at least two ways to block a user from visiting your site based on User-Agent. The first is setting a server environment variable and then denying users for which that variable has been set.

For example:

SetEnvIfNoCase User-Agent Mozilla getout
<Directory "/var/www/html/myserver">
Order allow,deny
Allow from all
Deny from env=getout
</Directory>

will deny all users who use Mozilla-based browsers (this includes Safari as well, as it has the "Mozilla" substring in its user agent).
However, with the site in question running on Rails and being served by a Mongrel cluster (via proxy balancer), the directives above didn't work for me somehow.

I had to add the following just below the RewriteEngine On directive to achieve the same blocking effect (now targeted specifically at the offender's browser in question):

RewriteCond %{HTTP_USER_AGENT} "KDDI\-KC35 UP\.Browser/6\.2\.0\.5" [NC]
RewriteRule ^.*$ - [F,L]

Restarted Apache, and the whole flood of accesses just stopped. The user started to get access denied errors on his/her site.

Sure, it wouldn't be as easy if you had flood accesses from more popular browsers (I guess in that case you'd have to block by both user agent and, say, the user's subnetwork). But it worked in my limited case. Hopefully it will help somebody else fight flooders as well :)
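
The flood in the log lines above can also be spotted by request rate instead of by User-Agent, which still works when the requester switches handsets. This is an added example, not code from the original post: it goes beyond the post by grouping hits per client /24 subnet and path. The threshold, window, prefix length and every sample line after the first three are assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')

# The first three lines are quoted from the post. The rest are constructed:
# documentation-range addresses and placeholder User-Agent strings.
SAMPLE_LOG = '''\
218.25.251.170 - - [17/Oct/2008:11:02:26 +0900] "GET /ono/profile HTTP/1.1" 200 2363 "-" "KDDI-KC35 UP.Browser/6.2.0.5 (GUI) MMP/2.0"
218.25.251.170 - - [17/Oct/2008:11:02:30 +0900] "GET /ono/profile HTTP/1.1" 200 2363 "-" "KDDI-KC35 UP.Browser/6.2.0.5 (GUI) MMP/2.0"
218.25.251.170 - - [17/Oct/2008:11:02:34 +0900] "GET /ono/profile HTTP/1.1" 200 2363 "-" "KDDI-KC35 UP.Browser/6.2.0.5 (GUI) MMP/2.0"
198.51.100.7 - - [21/Oct/2008:09:15:00 +0900] "GET /ono/profile HTTP/1.1" 200 2363 "-" "KDDI-EXAMPLE1 (constructed)"
198.51.100.9 - - [21/Oct/2008:09:15:04 +0900] "GET /ono/profile HTTP/1.1" 200 2363 "-" "KDDI-EXAMPLE2 (constructed)"
198.51.100.7 - - [21/Oct/2008:09:15:08 +0900] "GET /ono/profile HTTP/1.1" 200 2363 "-" "KDDI-EXAMPLE1 (constructed)"
192.0.2.10 - - [21/Oct/2008:09:16:00 +0900] "GET /ono/profile HTTP/1.1" 200 2363 "-" "Mozilla/5.0 (constructed)"
'''

def find_floods(lines, threshold=3, window=timedelta(seconds=60), prefix=24):
    """Flag (subnet, path) pairs hit at least `threshold` times within `window`."""
    recent = defaultdict(deque)   # (subnet, path) -> timestamps still inside the window
    agents = defaultdict(set)     # (subnet, path) -> every User-Agent seen for that pair
    floods = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # blank or malformed line
        try:                      # assumes IPv4 clients; hostnames in the log are skipped
            net = ipaddress.ip_network(f'{m["ip"]}/{prefix}', strict=False)
        except ValueError:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key = (str(net), m["path"].split("?")[0])   # ignore the query string
        agents[key].add(m["ua"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop hits that fell out of the sliding window
            q.popleft()
        if len(q) >= threshold:
            peak = max(len(q), floods.get(key, {}).get("peak", 0))
            floods[key] = {"peak": peak, "agents": agents[key]}
    return floods

if __name__ == "__main__":
    for (subnet, path), hit in find_floods(SAMPLE_LOG.splitlines()).items():
        print(subnet, path, hit["peak"], sorted(hit["agents"]))
```

A carrier gateway can put many handsets behind one subnet, so a flagged pair is a prompt to read the log before blocking, not a block decision in itself.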

Using PHP inside Rails structure on Apache

Friday, June 29th, 2007

I do a lot of development in Rails recently, and it all goes fine and nice, and Rails is fast and easy to use, but sometimes I'm better off using already existing PHP scripts. Just place them into the Rails project, and they just work (think of PHP-based web forms etc).

How do you set up your Apache & Mongrel cluster based Rails project to support execution of PHP scripts inside the Rails project structure? Very easy, actually. (more…)