Access limitation & User-Agent
Tom Poage
tfpoage at ucdavis.edu
Thu Nov 16 18:18:42 EST 2017
Since you mention "rewritecond," something like this might work:
BrowserMatch "gvfs/1.20.3" bad_client
RewriteCond %{ENV:bad_client} =1
RewriteRule ^/Shibboleth.sso/Login\b - [forbidden]
Tom.
> On Nov 16, 2017, at 8:02 AM, Marc Kalberer <info at programmers.ch> wrote:
>
> Hello,
> While looking at my log I saw that I have a huge amount of request to my Shibboleth.sso
>
> ex:
> 212.xxx.xx.xxx - - [16/Nov/2017:16:36:30 +0100] "HEAD /Shibboleth.sso/Login?target=https%3A%2F%2Fxxxxch%2Ffr%3Fq%3Dshib_login%2Fcollections HTTP/1.1" 302 161 "-" "gvfs/1.20.3"
>
> It doesn't seems to be "normal" access (18'000 today !!).
>
> The IP belong to a state network, so I can't block it, but wouldn't it be possible to add some condition and block any gvfs/1.20.3 user-agent ?
>
> Since rewritecond seems not been able to handle <location> filtering, how can I do this ?
>
> --
> --
> Programmers.ch
> Développement WEB
> Solutions libres et Opensources
> Tel: ++41 76 44 888 72
> Site: http://www.programmers.ch
> --
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
More information about the users
mailing list