[Koha] Slowness & outages

Mark Alexander marka at pobox.com
Fri Jul 11 09:34:26 NZST 2025


It looks like I spoke too soon about my use of iptables to block
out-of-control web crawlers.  Our Koha installation is now being attacked by
crawlers, and there are so many that using iptables isn't practical.

Examining /var/log/apache2/other_vhosts_access.log shows that these
crawlers don't use any identification that can be used by fail2ban.
Here are a couple of them (with the name of our library changed, and URLs
shortened):

koha.example.com:443 14.248.94.197 - - [10/Jul/2025:17:19:11 -0400] "GET /cgi-bin/koha/opac-search.pl?... HTTP/1.1" 200 15946 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1 rv:4.0; bem-ZM) AppleWebKit/535.45.1 (KHTML, like Gecko) Version/4.0.2 Safari/535.45.1"
koha.example.com:443 200.71.98.253 - - [10/Jul/2025:17:19:11 -0400] "GET /cgi-bin/koha/opac-search.pl?... HTTP/1.1" 200 15960 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows CE; Trident/4.0)"

Running a grep|sed|sort|uniq filter on the log shows that we're being
attacked by almost 1000 crawlers today.

I've tried adding these lines to /etc/apache2/apache2.conf:

<IfModule mpm_worker_module>
MaxRequestWorkers 5
</IfModule>

But the attacks still keep both CPUs busy; top reports them as
follows:

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND                                  
10319 rpl-koha  20   0  288340 234040  20880 R  80.1   5.9   0:04.14 /usr/share/koha                          
10085 rpl-koha  20   0       0      0      0 R  68.1   0.0   0:17.03 starman worker                           

I'm not sure what to do next.  I had thought of using the apache2
authz_core module to restrict Koha to a handful of IP addresses, such
as those used by computers at the library.  But this would prevent
patrons from accessing the OPAC from home. I'm pretty desperate now.
Suggestions welcome.

This is on Linode, in case that makes a difference.

-- 
I'm doing my part to help preserve life on earth
by trying to preserve my own. --Ashleigh Brilliant
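
An added example, not part of the original post: a Python version of the kind of log filter the message mentions, counting distinct client addresses that request opac-search.pl per day and showing how few of them would exceed a per-address limit. It assumes Debian's vhost_combined log format; the sample lines, the `summarize` name and the `per_ip_limit` value are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Debian's "vhost_combined" LogFormat, used for other_vhosts_access.log:
#   %v:%p %h %l %u %t "%r" %>s %O "%{Referer}i" "%{User-Agent}i"
LINE_RE = re.compile(
    r'^\S+ (?P<ip>\S+) \S+ \S+ \[(?P<day>[^:\]]+):[^\]]+\] '
    r'"\S+ (?P<path>\S+)[^"]*" \d{3} \S+ "[^"]*" "[^"]*"$'
)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    'koha.example.com:443 192.0.2.10 - - [10/Jul/2025:17:19:11 -0400] "GET /cgi-bin/koha/opac-search.pl?q=a HTTP/1.1" 200 15946 "-" "Mozilla/5.0 (Macintosh)"',
    'koha.example.com:443 198.51.100.7 - - [10/Jul/2025:17:19:11 -0400] "GET /cgi-bin/koha/opac-search.pl?q=b HTTP/1.1" 200 15960 "-" "Mozilla/5.0 (compatible; MSIE 9.0)"',
    'koha.example.com:443 203.0.113.44 - - [10/Jul/2025:17:19:12 -0400] "GET /cgi-bin/koha/opac-search.pl?q=c HTTP/1.1" 200 15901 "-" "Mozilla/5.0 (X11; Linux)"',
    'koha.example.com:443 192.0.2.10 - - [10/Jul/2025:17:19:13 -0400] "GET /cgi-bin/koha/opac-search.pl?q=d HTTP/1.1" 200 15950 "-" "Mozilla/5.0 (Macintosh)"',
    'koha.example.com:443 192.0.2.99 - - [10/Jul/2025:17:20:00 -0400] "GET /cgi-bin/koha/opac-main.pl HTTP/1.1" 200 9000 "-" "Mozilla/5.0 (Windows NT 10.0)"',
    'truncated line that does not match the format',
]


def summarize(lines, path_prefix="/cgi-bin/koha/opac-search.pl", per_ip_limit=3):
    """Per day: search requests, distinct client IPs, IPs over a per-IP limit.

    per_ip_limit is a hypothetical per-address threshold, not a value from the post.
    """
    hits = defaultdict(Counter)   # day -> Counter mapping client IP -> requests
    unparsed = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            unparsed += 1         # count lines we could not parse instead of hiding them
            continue
        if m["path"].startswith(path_prefix):
            hits[m["day"]][m["ip"]] += 1
    report = {}
    for day, per_ip in hits.items():
        report[day] = {
            "requests": sum(per_ip.values()),
            "distinct_ips": len(per_ip),
            "ips_over_limit": sorted(ip for ip, n in per_ip.items() if n > per_ip_limit),
        }
    return report, unparsed


if __name__ == "__main__":
    report, unparsed = summarize(SAMPLE_LOG)
    for day, stats in report.items():
        print(day, stats, "unparsed:", unparsed)
```

When `distinct_ips` is large and `ips_over_limit` stays empty, the load is spread across many addresses that each stay under any per-address threshold.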


