Betr.: [ic] Too many new ID assignments for this IP address

J van Dijk 'BV Kunststoffenindustrie Attema' j.vandijk at attema.nl
Fri Oct 29 03:22:09 EDT 2004


>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
>>> list_subscriber at yahoo.co.uk 28-10-04 23:01:23 >>>
We are getting a lot of errors in our Interchange error log like:

"Too many new ID assignments for this IP address. Please wait at least
24
hours before trying again. Only waiting that period will allow access.
Terminating."

The IP addresses getting blocked are all ISP proxy servers.  For
example,

195.93.34.12          cache-loh-ac06.proxy.aol.com
212.100.251.149    lb1.onspeed.com
62.254.64.12          midd-cache-1.server.ntli.net
62.252.224.13        leed-cache-2.server.ntli.net
62.252.192.5          manc-cache-2.server.ntli.net
62.252.0.5              glfd-cache-2.server.ntli.net
62.254.0.14            nott-cache-2.server.ntli.net
80.5.160.4              bagu-cache-1.server.ntli.net

We have "RobotLimit 500" in catalog.cfg, and I am certain that our site
is
not getting 500 page requests within any 30 second period, even from
one of
these cache servers which I appreciate is a proxy for many users.

BTW, we don't have a SessionExpire entry in our catalog config (i.e.
going
with the 1 day default), nor are we running with WideOpen.

I see from the mailing list that I am not alone in experiencing this
problem.

A couple of other people have suggested that perhaps the IP address
counter
is not actually getting reset after the 30 minute period and I too feel
it
looks this way.

I am not a Perl expert, but have been able to track down the main code
responsible and have included extracts below in the hope that someone
out
there may be able to spot the problem (if indeed there is a problem in
the
code).

I also noticed the line in the count_ip (Session.pm) routine:
::logDebug("ip $ip allowed back in due to '$mtime' > '$grace' days");

However, it is interesting that I don't see any of these particular
logDebug
entries in my error.log, suggesting that for whatever reason the grace
period is never considered expired.  BTW, I am running the "expireall
-r"
script as a dail cron job if this makes any difference?

Any help would be greatly appreciated as this problem is currently
rejecting
a fair few potential customers with 403 errors.  Thanks.

###extract from Despatch.pm
 else {
  if($Vend::Cfg->{RobotLimit}) {
   if (Vend::Session::count_ip() > $Vend::Cfg->{RobotLimit}) {
    my $msg;
    # Here they can get it back if they pass expiration time
    my $wait = $Global::Variable->{MV_ROBOT_EXPIRE} || 86400;
    $wait /= 3600;
    $msg = errmsg(<<EOF, $wait);
Too many new ID assignments for this IP address. Please wait at least
%d
hours
before trying again. Only waiting that period will allow access.
Terminating.
EOF
    $msg = get_locale_message(403, $msg);
    do_lockout($msg);
    $Vend::StatusLine = <<EOF;
Status: 403 Forbidden
Content-Type: text/plain
EOF
     response($msg);
     close_cat();
     return;
   }
  }
  new_session();
    }


###extract from Session.pm
sub count_ip {
 my $inc = shift;
 my $ip = $CGI::remote_addr;
 $ip =~ s/\W/_/g;
 my $dir = "$Vend::Cfg->{ScratchDir}/addr_ctr";
 mkdir $dir, 0777 unless -d $dir;
 my $fn = Vend::Util::get_filename($ip, 2, 1, $dir);
 if(-f $fn) {
  my $grace = $Vend::Cfg->{Limit}{robot_expire} || 1;
  my @st = stat(_);
  my $mtime = (time() - $st[9]) / 86400;
  if($mtime > $grace) {
   ::logDebug("ip $ip allowed back in due to '$mtime' > '$grace'
days");
   unlink $fn;
  }
 }
 return Vend::CounterFile->new($fn)->inc() if $inc;
 return Vend::CounterFile->new($fn)->value();
}
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

This is not working correct, in the mean time try a workaround: 
set robotlimit temporarely up to 1000
or
find files with blocked ip adresses and delete them.
<catalogdir>\tmp\addr_ctr\*

Jan



More information about the interchange-users mailing list