2.8. Banning IP Addresses That Overload Applications

If an application user accesses an application with excessive frequency, you can block that user by banning their IP address.

Note

The ban instituted by the following procedure applies to all gears on the node host, including the over-accessed gear.

Procedure 2.5. To Ban an IP Address:

  1. Run the following command to view a CNAME to the node host where the application's gear is located:
    # dig appname-domain.example.com
  2. On the node host identified in the previous step, check the application's apache logs for unusual activity. For example, a high frequency of accesses (3 to 5 per second) from the same IP address in the access_log file may indicate abuse:
    # tail -f /var/lib/openshift/appUUID/appname/logs/*
  3. Ban the offending IP addresses by placing them in iptables, running the following command for each IP address:
    # iptables -A INPUT -s IP_address -j DROP
  4. If you are using a configuration management system, configure it appropriately to ban the offending IP addresses. For non-managed configurations, save your new iptables rules:
    # service iptables save