First off, Chirpy, I want to thank you for your products. I've been using them for years, including your server hardening services. I love you!
A clients PHP script is trying to access maps.googleapis.com, which currently resolves to
216.58.218.170 (of course this resolves to other IPs based on DNS round robin)
The IP is blocked due to too many temp blocks.
IP: 216.58.218.170 (US/United States/dfw06s46-in-f10.1e100.net)
Connections: 332
Blocked: Temporary Block
Connections:
tcp: 216.58.218.170:80 -> 69.XX.XX.XX:34674 (TIME_WAIT)
tcp: 216.58.218.170:80 -> 69.XX.XX.XX:34581 (TIME_WAIT)
tcp: 216.58.218.170:80 -> 69.XX.XX.XX:34396 (TIME_WAIT)
tcp: 216.58.218.170:80 -> 69.XX.XX.XX:34351 (TIME_WAIT)
tcp: 216.58.218.170:80 -> 69.XX.XX.XX:34656 (TIME_WAIT)
tcp: 216.58.218.170:80 -> 69.XX.XX.XX:34440 (TIME_WAIT)
tcp: 216.58.218.170:80 -> 69.XX.XX.XX:34688 (TIME_WAIT)
tcp: 216.58.218.170:80 -> 69.XX.XX.XX:34506 (TIME_WAIT)
etc
I'm not too familiar with the script, but it's trying to put points on a map.
When it says 332 connections, is that at the exact time, or a period of time (like 5 minutes)
c url is used for these connections. Could this be caused if the script author forgot to close their
resources? c url_close()
I'm kind of fishing here.
While I'm concerned with the number of connections, and don't want to ignore them, if I were to do so, I'm not sure how to whitelist this. It wouldn't be done by adding a CSF ignore to dynamic DNS for googleapis.com, because when a RDNS is done, it resolves to dfw06s46-in-f10.1e100.net
1e100.net does belong to Google, do I could whitelist .1e100.net, but I'm not sure that would be complete.
This brings me back to finding why the script is using so many connections.
Any suggestions or insight would be appreciated!
blocked with too many connections
Re: blocked with too many connections
If they are being blocked with too many connections then it has nothing to do with the post you references but your setting for CT_LIMIT. You either need to raise CT_LIMIT, disable it or try using CT_SKIP_TIME_WAIT.