• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

Another CF11 Reverse DNS question

LEGEND ,
Apr 07, 2017 Apr 07, 2017

Copy link to clipboard

Copied

Hello, all,

It seems that the performance issues haxtbh mentioned regarding reverse DNS lookup on CF11 is way worse than I expected, and apparently not a problem in CF10.  OR, it could be a certain unwelcome 'bot'.  Which brings me to another question.

Instead of the CF method of reverse DNS (as it pertains to cgi.REMOTE_HOST), is there a way to get Apache to do the reverse DNS lookup and pass that along to CF?

! ! ! OR ! ! !

Is there a way to cache the reverse DNS value (cgi.REMOTE_HOST) so that it can be fed from memory?

I suspect that it is the dreaded LegiStorm bot (legibot) that is causing our issue of our metrics query timing out ("The request has exceeded the allowable time limit Tag: CFQUERY ").  The error email includes the agentstring "LegiStorm Bot (http://www.legistorm.com/legibot.html)".

I think the bot is hitting our server hundreds of times a second (just a guess), causing our DNS lookup to do the same, and the target server is blocking the request after x number of attempts in one second, causing our insert of cgi.REMOTE_HOST into the database to freeze, triggering a timeout error.

V/r,

^_^

Views

1.1K

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

LEGEND , Apr 10, 2017 Apr 10, 2017

Considering that we don't have a lot of time to analyze this, management has decided to remove the "enableLookups" from server.xml and go with a Java solution:

        <cfset inet = createObject("java","java.net.InetAddress") />
        <cfparam name="request.remote_host" default="#inet.getByName(remote_addr).getHostName()#" />

Normally we tend to avoid opening any kind of direct Java object, but this was deemed safe and appropriate for the situation.  It does not seem to have any negative performa

...

Votes

Translate

Translate
Advocate ,
Apr 08, 2017 Apr 08, 2017

Copy link to clipboard

Copied

Are their load balancers involved in your setup? Have you dumped gethttprequestdata() to see if any host information is sent?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Apr 10, 2017 Apr 10, 2017

Copy link to clipboard

Copied

Hi, haxtbh,

There are no load balancers involved.  The error emails include CFDUMPs of CGI and SESSION scopes, so we are getting the host and IP address of LegiStorm bot.

V/r,

^_^

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Apr 10, 2017 Apr 10, 2017

Copy link to clipboard

Copied

Considering that we don't have a lot of time to analyze this, management has decided to remove the "enableLookups" from server.xml and go with a Java solution:

        <cfset inet = createObject("java","java.net.InetAddress") />
        <cfparam name="request.remote_host" default="#inet.getByName(remote_addr).getHostName()#" />

Normally we tend to avoid opening any kind of direct Java object, but this was deemed safe and appropriate for the situation.  It does not seem to have any negative performance issues, and we are no longer seeing any query timeouts as a result.

This is now a non-issue.  I'll mark this as correct.  Thanks, haxtbh​, for your help.

V/r,

^_^

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
LEGEND ,
Apr 12, 2017 Apr 12, 2017

Copy link to clipboard

Copied

LATEST

Have you dumped gethttprequestdata() to see if any host information is sent?

I just now looked at a CFDUMP of getHttpRequestData(), and the remote host information is not there.  It's only supplying method, protocol, and:

Accept-Encodinggzip, deflate
Accept-Languageen-US
Cache-Controlmax-age=0
DNT1
SSL_CLIENT_S_DN_CN(null)
accepttext/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
connectionkeep-alive
content-length0
cookieJSESSIONID={blah blah blah}cfusion
hostxxxx.yyyyyyyyyyyy.zzz
server_aliasxxxx
user-agentMozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0

V/r,

^_^

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation