  1. CPE Infrastructure
  2. CPE-2685

Bodhi is being flooded with invalid requests


      https://pagure.io/fedora-infrastructure/issue/12305

      1. Describe what you would like us to do:
        Looking at the bodhi-web pod logs, it seems that Bodhi is being flooded by invalid requests to fake update aliases (the URL itself is also wrong): :alien:
        ```
        2024-11-25 06:50:35,886 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /comments/updates/FEDORA-2021-22d74b54e8
        2024-11-25 06:50:35,955 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2023-0830dde91b
        2024-11-25 06:50:36,260 WARNI [bodhi.server][ThreadPoolExecutor-0_0] Unauthorized: get_update_for_editing__GET failed permission check
        2024-11-25 06:50:36,605 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2022-09d03d2a43
        2024-11-25 06:50:36,953 WARNI [bodhi.server][ThreadPoolExecutor-0_1] Unauthorized: get_update_for_editing__GET failed permission check
        2024-11-25 06:50:37,050 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2022-dbdf746d1a
        2024-11-25 06:50:37,476 WARNI [bodhi.server][ThreadPoolExecutor-0_1] Unauthorized: get_update_for_editing__GET failed permission check
        2024-11-25 06:50:37,603 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2019-a02474637d
        2024-11-25 06:50:37,847 WARNI [bodhi.server][ThreadPoolExecutor-0_0] Unauthorized: get_update_for_editing__GET failed permission check
        2024-11-25 06:50:37,880 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-dd53c71ec1
        2024-11-25 06:50:39,017 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2022-f371b47bec
        2024-11-25 06:50:39,120 WARNI [bodhi.server][ThreadPoolExecutor-0_1] Unauthorized: get_update_for_editing__GET failed permission check
        2024-11-25 06:50:39,582 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /comments/updates/FEDORA-2015-11464
        2024-11-25 06:50:39,679 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-83aceddd6b
        2024-11-25 06:50:39,711 WARNI [bodhi.server][ThreadPoolExecutor-0_0] Unauthorized: get_update_for_editing__GET failed permission check
        2024-11-25 06:50:39,767 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /comments/updates/FEDORA-2014-14944
        2024-11-25 06:50:39,879 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2022-dbdf746d1a
        2024-11-25 06:50:40,178 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2022-f371b47bec
        2024-11-25 06:50:41,109 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-83aceddd6b
        2024-11-25 06:50:41,170 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /comments/updates/FEDORA-2015-13550
        2024-11-25 06:50:41,295 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2016-94bffcb6ed
        2024-11-25 06:50:41,333 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-EPEL-2014-2386
        2024-11-25 06:50:41,459 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2015-3653
        2024-11-25 06:50:41,958 WARNI [bodhi.server][ThreadPoolExecutor-0_1] /updates/updates/FEDORA-2017-0e31803fc1
        2024-11-25 06:50:42,177 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-d468cf5d22
        2024-11-25 06:50:42,210 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-eeef2eaafa
        2024-11-25 06:50:42,371 WARNI [bodhi.server][ThreadPoolExecutor-0_0] Unauthorized: get_update_for_editing__GET failed permission check
        2024-11-25 06:50:42,900 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2020-c2c030d4e9
        2024-11-25 06:50:43,956 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /updates/updates/FEDORA-2019-eeef2eaafa
        2024-11-25 06:50:43,961 WARNI [bodhi.server][ThreadPoolExecutor-0_0] /comments/updates/FEDORA-2015-13550
        ```

      This leads to high CPU usage. I don't know if it's the cause of the sporadic pod reboots (yesterday morning I received a couple of notifications about that).

      Is there a way to block these requests from happening? Maybe by looking at the Apache logs and blocking the offending IP(s)?

      2. When do you need this to be done by? (YYYY/MM/DD)
        As soon as someone is able to do so... I'm not

              Unassigned Unassigned
              rh-ee-mkonecny Michal Konecny
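
One way to do the Apache-log triage the ticket asks about, as an added example (not part of the ticket or of Bodhi): it tallies, per client address, requests whose path carries the doubled route prefix seen in the bodhi-web log. It assumes Apache's combined log format with the client address in the first field; `offenders`, `_line`, the thresholds and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Doubled route prefix from the ticket's log, e.g. /updates/updates/FEDORA-...
BAD_PATH = re.compile(
    r"^/(?:updates|comments)/updates/FEDORA-(?:EPEL-)?\d{4}-[0-9a-f]+/?$"
)
# Apache combined format: client ident user [time] "METHOD path proto" status ...
ACCESS_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" \d{3} '
)


def offenders(lines, min_hits=3, min_ratio=0.8):
    """Return {client: (bad_hits, total_hits)} for clients whose requests are
    mostly malformed update URLs. Both thresholds are illustrative assumptions."""
    total, bad = Counter(), Counter()
    for line in lines:
        m = ACCESS_LINE.match(line)
        if not m:
            continue  # not a combined-format line
        total[m["client"]] += 1
        if BAD_PATH.match(m["path"].split("?", 1)[0]):  # drop any query string
            bad[m["client"]] += 1
    return {
        c: (bad[c], total[c])
        for c in bad
        if bad[c] >= min_hits and bad[c] / total[c] >= min_ratio
    }


def _line(client, path, status):
    # Builds one constructed combined-format access-log line.
    return (f'{client} - - [25/Nov/2024:06:50:35 +0000] '
            f'"GET {path} HTTP/1.1" {status} 512 "-" "-"')


# Constructed sample: documentation-range addresses and made-up status codes.
SAMPLE = [
    _line("198.51.100.7", "/updates/updates/FEDORA-2023-0830dde91b", 404),
    _line("198.51.100.7", "/comments/updates/FEDORA-2021-22d74b54e8", 404),
    _line("198.51.100.7", "/updates/updates/FEDORA-EPEL-2014-2386", 404),
    _line("198.51.100.7", "/updates/updates/FEDORA-2015-3653", 404),
    _line("192.0.2.10", "/updates/FEDORA-2022-dbdf746d1a", 200),
    _line("192.0.2.10", "/updates/updates/FEDORA-2019-a02474637d", 404),
    _line("192.0.2.10", "/", 200),
]

if __name__ == "__main__":
    for client, (hits, seen) in offenders(SAMPLE).items():
        print(f"{client}: {hits}/{seen} requests to malformed update URLs")
```

If the pods sit behind a reverse proxy, the first field is the proxy's address, and the forwarded client address has to be logged and parsed instead.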