Skip to main content
WolfShade
WolfShade
Legend
April 7, 2017
Answered

Another CF11 Reverse DNS question

  • April 7, 2017
  • 1 reply
  • 1320 views

Hello, all,

It seems that the performance issues haxtbh mentioned regarding reverse DNS lookup on CF11 is way worse than I expected, and apparently not a problem in CF10.  OR, it could be a certain unwelcome 'bot'.  Which brings me to another question.

Instead of the CF method of reverse DNS (as it pertains to cgi.REMOTE_HOST), is there a way to get Apache to do the reverse DNS lookup and pass that along to CF?

! ! ! OR ! ! !

Is there a way to cache the reverse DNS value (cgi.REMOTE_HOST) so that it can be fed from memory?

I suspect that it is the dreaded LegiStorm bot (legibot) that is causing our issue of our metrics query timing out ("The request has exceeded the allowable time limit Tag: CFQUERY ").  The error email includes the agentstring "LegiStorm Bot (http://www.legistorm.com/legibot.html)".

I think the bot is hitting our server hundreds of times a second (just a guess), causing our DNS lookup to do the same, and the target server is blocking the request after x number of attempts in one second, causing our insert of cgi.REMOTE_HOST into the database to freeze, triggering a timeout error.

V/r,

^_^

    This topic has been closed for replies.
    Correct answer WolfShade

    Considering that we don't have a lot of time to analyze this, management has decided to remove the "enableLookups" from server.xml and go with a Java solution:

            <cfset inet = createObject("java","java.net.InetAddress") />
            <cfparam name="request.remote_host" default="#inet.getByName(remote_addr).getHostName()#" />

    Normally we tend to avoid opening any kind of direct Java object, but this was deemed safe and appropriate for the situation.  It does not seem to have any negative performance issues, and we are no longer seeing any query timeouts as a result.

    This is now a non-issue.  I'll mark this as correct.  Thanks, haxtbh​, for your help.

    V/r,

    ^_^

    1 reply

    H
    haxtbh
    Inspiring
    April 8, 2017

    Are their load balancers involved in your setup? Have you dumped gethttprequestdata() to see if any host information is sent?

    WolfShade
    WolfShadeAuthor
    Legend
    April 10, 2017

    Hi, haxtbh,

    There are no load balancers involved.  The error emails include CFDUMPs of CGI and SESSION scopes, so we are getting the host and IP address of LegiStorm bot.

    V/r,

    ^_^

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices