Add a juju action to report on top visits by IP
Bug #1916747 reported by Tom Haddon
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Content Cache Charm | Confirmed | Low | Unassigned | |
Bug Description
During a potential DoS attack it's useful to quickly retrieve a list of most visits by IP. During a recent issue, an SRE ran the following:
juju run --application content-
This should really be a juju action so it's very obvious and easy for anyone to do this.
Related branches
~ballot/content-cache-charm/+git/content-cache-charm:request_per_ip_action
On hold for merging into content-cache-charm:master
- Content Cache Charmers: Pending requested
- Diff: 90 lines (+78/-0), 2 files modified
  - actions.yaml (+11/-0)
  - actions/get-requests-per-ip (+67/-0)
Changed in content-cache-charm:
status: New → Confirmed
importance: Undecided → Medium
Changed in content-cache-charm:
importance: Medium → Low
This command would be better as it supports IPv6 as well as includes the sites or listen stanzas being hit:
awk '/Feb 25 06:/ && $6 !~ /127.0.0.1/ {print $6 " " $8 }' /var/log/haproxy.log | sed -e 's/:[0-9]* / /' | sort | uniq -c | sort -k1 -n -r | head
We also want to replace the date/time "Feb 25 06:" with the last 20 mins or so.
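An added example, not part of the comment above and not the code in the linked branch: one way to get the same report with a rolling time window instead of the fixed "Feb 25 06:" match, with IPv6-safe port stripping and loopback exclusion. It assumes the syslog-prefixed HAProxy line layout implied by the awk fields ($6 is client:port, $8 is the frontend); the function name `top_clients` and the sample log lines are constructed for illustration.

```python
import ipaddress
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines (documentation address ranges, made-up frontends).
SAMPLE = """\
Feb 25 05:40:00 cache1 haproxy[812]: 203.0.113.7:40100 [25/Feb/2021:05:40:00.001] site-a site-a/srv1 200
Feb 25 06:05:10 cache1 haproxy[812]: 203.0.113.7:40112 [25/Feb/2021:06:05:10.101] site-a site-a/srv1 200
Feb 25 06:05:11 cache1 haproxy[812]: 203.0.113.7:40113 [25/Feb/2021:06:05:11.230] site-a site-a/srv1 200
Feb 25 06:06:00 cache1 haproxy[812]: 203.0.113.7:40114 [25/Feb/2021:06:06:00.004] site-a site-a/srv1 200
Feb 25 06:07:00 cache1 haproxy[812]: 2001:db8::1:51000 [25/Feb/2021:06:07:00.310] site-b site-b/srv1 200
Feb 25 06:07:01 cache1 haproxy[812]: 2001:db8::1:51001 [25/Feb/2021:06:07:01.002] site-b site-b/srv1 200
Feb 25 06:08:00 cache1 haproxy[812]: 127.0.0.1:33000 [25/Feb/2021:06:08:00.000] site-a site-a/srv1 200
Feb 25 06:09:00 cache1 haproxy[812]: 198.51.100.9:1234 [25/Feb/2021:06:09:00.512] site-b site-b/srv1 200
"""
NOW = datetime(2021, 2, 25, 6, 20, 0)  # constructed "current time" for the sample


def top_clients(lines, now, minutes=20, limit=10):
    """Return [((client_ip, frontend), hits), ...] for the last `minutes` minutes."""
    cutoff = now - timedelta(minutes=minutes)
    counts = Counter()
    for line in lines:
        f = line.split()  # split() also copes with syslog's padded day ("Feb  5")
        if len(f) < 8:
            continue
        try:
            ts = datetime.strptime(f"{now.year} {f[0]} {f[1]} {f[2]}",
                                   "%Y %b %d %H:%M:%S")
            if ts > now:  # syslog stamps carry no year: a "future" stamp is last year's
                ts = ts.replace(year=now.year - 1)
            # The port is whatever follows the LAST colon, so IPv6 stays intact.
            ip = ipaddress.ip_address(f[5].rpartition(":")[0])
        except ValueError:
            continue  # not a request line, or malformed address/timestamp
        if ts < cutoff or ip.is_loopback:  # drops 127.0.0.0/8 and ::1
            continue
        counts[(str(ip), f[7])] += 1
    return counts.most_common(limit)


if __name__ == "__main__":
    for (ip, frontend), hits in top_clients(SAMPLE.splitlines(), NOW):
        print(f"{hits:7d} {ip} {frontend}")
```
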