Highlighted

Another CF11 Reverse DNS question

LEGEND ,
Apr 07, 2017

Copy link to clipboard

Copied

Hello, all,

It seems that the performance issues haxtbh mentioned regarding reverse DNS lookup on CF11 is way worse than I expected, and apparently not a problem in CF10.  OR, it could be a certain unwelcome 'bot'.  Which brings me to another question.

Instead of the CF method of reverse DNS (as it pertains to cgi.REMOTE_HOST), is there a way to get Apache to do the reverse DNS lookup and pass that along to CF?

! ! ! OR ! ! !

Is there a way to cache the reverse DNS value (cgi.REMOTE_HOST) so that it can be fed from memory?

I suspect that it is the dreaded LegiStorm bot (legibot) that is causing our issue of our metrics query timing out ("The request has exceeded the allowable time limit Tag: CFQUERY ").  The error email includes the agentstring "LegiStorm Bot (http://www.legistorm.com/legibot.html)".

I think the bot is hitting our server hundreds of times a second (just a guess), causing our DNS lookup to do the same, and the target server is blocking the request after x number of attempts in one second, causing our insert of cgi.REMOTE_HOST into the database to freeze, triggering a timeout error.

V/r,

^_^

Considering that we don't have a lot of time to analyze this, management has decided to remove the "enableLookups" from server.xml and go with a Java solution:

        <cfset inet = createObject("java","java.net.InetAddress") />
        <cfparam name="request.remote_host" default="#inet.getByName(remote_addr).getHostName()#" />

Normally we tend to avoid opening any kind of direct Java object, but this was deemed safe and appropriate for the situation.  It does not seem to have any negative performance issues, and we are no longer seeing any query timeouts as a result.

This is now a non-issue.  I'll mark this as correct.  Thanks, haxtbh​, for your help.

V/r,

^_^

Views

990

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Another CF11 Reverse DNS question

LEGEND ,
Apr 07, 2017

Copy link to clipboard

Copied

Hello, all,

It seems that the performance issues haxtbh mentioned regarding reverse DNS lookup on CF11 is way worse than I expected, and apparently not a problem in CF10.  OR, it could be a certain unwelcome 'bot'.  Which brings me to another question.

Instead of the CF method of reverse DNS (as it pertains to cgi.REMOTE_HOST), is there a way to get Apache to do the reverse DNS lookup and pass that along to CF?

! ! ! OR ! ! !

Is there a way to cache the reverse DNS value (cgi.REMOTE_HOST) so that it can be fed from memory?

I suspect that it is the dreaded LegiStorm bot (legibot) that is causing our issue of our metrics query timing out ("The request has exceeded the allowable time limit Tag: CFQUERY ").  The error email includes the agentstring "LegiStorm Bot (http://www.legistorm.com/legibot.html)".

I think the bot is hitting our server hundreds of times a second (just a guess), causing our DNS lookup to do the same, and the target server is blocking the request after x number of attempts in one second, causing our insert of cgi.REMOTE_HOST into the database to freeze, triggering a timeout error.

V/r,

^_^

Considering that we don't have a lot of time to analyze this, management has decided to remove the "enableLookups" from server.xml and go with a Java solution:

        <cfset inet = createObject("java","java.net.InetAddress") />
        <cfparam name="request.remote_host" default="#inet.getByName(remote_addr).getHostName()#" />

Normally we tend to avoid opening any kind of direct Java object, but this was deemed safe and appropriate for the situation.  It does not seem to have any negative performance issues, and we are no longer seeing any query timeouts as a result.

This is now a non-issue.  I'll mark this as correct.  Thanks, haxtbh​, for your help.

V/r,

^_^

Views

991

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Apr 07, 2017 0
Advocate ,
Apr 08, 2017

Copy link to clipboard

Copied

Are their load balancers involved in your setup? Have you dumped gethttprequestdata() to see if any host information is sent?

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 08, 2017 0
LEGEND ,
Apr 10, 2017

Copy link to clipboard

Copied

Hi, haxtbh,

There are no load balancers involved.  The error emails include CFDUMPs of CGI and SESSION scopes, so we are getting the host and IP address of LegiStorm bot.

V/r,

^_^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 10, 2017 0
LEGEND ,
Apr 10, 2017

Copy link to clipboard

Copied

Considering that we don't have a lot of time to analyze this, management has decided to remove the "enableLookups" from server.xml and go with a Java solution:

        <cfset inet = createObject("java","java.net.InetAddress") />
        <cfparam name="request.remote_host" default="#inet.getByName(remote_addr).getHostName()#" />

Normally we tend to avoid opening any kind of direct Java object, but this was deemed safe and appropriate for the situation.  It does not seem to have any negative performance issues, and we are no longer seeing any query timeouts as a result.

This is now a non-issue.  I'll mark this as correct.  Thanks, haxtbh​, for your help.

V/r,

^_^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 10, 2017 0
LEGEND ,
Apr 12, 2017

Copy link to clipboard

Copied

Have you dumped gethttprequestdata() to see if any host information is sent?

I just now looked at a CFDUMP of getHttpRequestData(), and the remote host information is not there.  It's only supplying method, protocol, and:

Accept-Encodinggzip, deflate
Accept-Languageen-US
Cache-Controlmax-age=0
DNT1
SSL_CLIENT_S_DN_CN(null)
accepttext/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
connectionkeep-alive
content-length0
cookieJSESSIONID={blah blah blah}cfusion
hostxxxx.yyyyyyyyyyyy.zzz
server_aliasxxxx
user-agentMozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0

V/r,

^_^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Apr 12, 2017 0