[ic] Too many new ID assignments for this IP address

John1 list_subscriber at yahoo.co.uk
Thu Oct 28 17:01:23 EDT 2004


We are getting a lot of errors in our Interchange error log like:

"Too many new ID assignments for this IP address. Please wait at least 24
hours before trying again. Only waiting that period will allow access.
Terminating."

The IP addresses getting blocked are all ISP proxy servers.  For example,

195.93.34.12          cache-loh-ac06.proxy.aol.com
212.100.251.149    lb1.onspeed.com
62.254.64.12          midd-cache-1.server.ntli.net
62.252.224.13        leed-cache-2.server.ntli.net
62.252.192.5          manc-cache-2.server.ntli.net
62.252.0.5              glfd-cache-2.server.ntli.net
62.254.0.14            nott-cache-2.server.ntli.net
80.5.160.4              bagu-cache-1.server.ntli.net

We have "RobotLimit 500" in catalog.cfg, and I am certain that our site is
not getting 500 page requests within any 30 second period, even from one of
these cache servers which I appreciate is a proxy for many users.

BTW, we don't have a SessionExpire entry in our catalog config (i.e. going
with the 1 day default), nor are we running with WideOpen.

I see from the mailing list that I am not alone in experiencing this
problem.

A couple of other people have suggested that perhaps the IP address counter
is not actually getting reset after the 30 minute period and I too feel it
looks this way.

I am not a Perl expert, but have been able to track down the main code
responsible and have included extracts below in the hope that someone out
there may be able to spot the problem (if indeed there is a problem in the
code).

I also noticed the line in the count_ip (Session.pm) routine:
::logDebug("ip $ip allowed back in due to '$mtime' > '$grace' days");

However, it is interesting that I don't see any of these particular logDebug
entries in my error.log, suggesting that for whatever reason the grace
period is never considered expired.  BTW, I am running the "expireall -r"
script as a dail cron job if this makes any difference?

Any help would be greatly appreciated as this problem is currently rejecting
a fair few potential customers with 403 errors.  Thanks.

###extract from Despatch.pm
 else {
  if($Vend::Cfg->{RobotLimit}) {
   if (Vend::Session::count_ip() > $Vend::Cfg->{RobotLimit}) {
    my $msg;
    # Here they can get it back if they pass expiration time
    my $wait = $Global::Variable->{MV_ROBOT_EXPIRE} || 86400;
    $wait /= 3600;
    $msg = errmsg(<<EOF, $wait);
Too many new ID assignments for this IP address. Please wait at least %d
hours
before trying again. Only waiting that period will allow access.
Terminating.
EOF
    $msg = get_locale_message(403, $msg);
    do_lockout($msg);
    $Vend::StatusLine = <<EOF;
Status: 403 Forbidden
Content-Type: text/plain
EOF
     response($msg);
     close_cat();
     return;
   }
  }
  new_session();
    }


###extract from Session.pm
sub count_ip {
 my $inc = shift;
 my $ip = $CGI::remote_addr;
 $ip =~ s/\W/_/g;
 my $dir = "$Vend::Cfg->{ScratchDir}/addr_ctr";
 mkdir $dir, 0777 unless -d $dir;
 my $fn = Vend::Util::get_filename($ip, 2, 1, $dir);
 if(-f $fn) {
  my $grace = $Vend::Cfg->{Limit}{robot_expire} || 1;
  my @st = stat(_);
  my $mtime = (time() - $st[9]) / 86400;
  if($mtime > $grace) {
   ::logDebug("ip $ip allowed back in due to '$mtime' > '$grace' days");
   unlink $fn;
  }
 }
 return Vend::CounterFile->new($fn)->inc() if $inc;
 return Vend::CounterFile->new($fn)->value();
}



More information about the interchange-users mailing list