From ripe at foobar.dk Fri Oct 16 09:35:00 2009 From: ripe at foobar.dk (ripe at foobar.dk) Date: Fri, 16 Oct 2009 09:35:00 +0200 Subject: RIPADMIN questions Message-ID: <4998a7d086048ea696ecb67f8ede46de.squirrel@webmail01.one.com> Mojn guys I'm currently having some problems with one of our servers being denied access permanently for abusive behaviour. It should be allowed to hammer my whois service as hard as it wants, so I need to change some of the parameters in RIPADMIN.acl - I guess... I've tried to find some hints about this in the documentation found on http://www.ripe.net/db/docs.html but with no result ;-( I found a workaround by changing the AC_* vaules ( "Access control" ) in rip.config, but there must be a way to allow a single host unlimited number of queries through the RIPADMIN database ? Regards, Peter From denis at ripe.net Fri Oct 16 12:57:49 2009 From: denis at ripe.net (Denis Walker) Date: Fri, 16 Oct 2009 12:57:49 +0200 Subject: RIPADMIN questions In-Reply-To: <4998a7d086048ea696ecb67f8ede46de.squirrel@webmail01.one.com> References: <4998a7d086048ea696ecb67f8ede46de.squirrel@webmail01.one.com> Message-ID: <4AD851AD.1000303@ripe.net> ripe at foobar.dk wrote: > Mojn guys > I'm currently having some problems with one of our servers being denied > access permanently for abusive behaviour. It should be allowed to hammer > my whois service as hard as it wants, so I need to change some of the > parameters in RIPADMIN.acl - I guess... > I've tried to find some hints about this in the documentation found on > http://www.ripe.net/db/docs.html but with no result ;-( > > I found a workaround by changing the AC_* vaules ( "Access control" ) in > rip.config, but there must be a way to allow a single host unlimited > number of queries through the RIPADMIN database ? > > Regards, > Peter > > Dear Peter >From what you say above, I assume you are running your own instance of the RIPE Database software. In this case I have copied the instruction below for how to unblock a user and set unlimited access to a host. You just need to set the host and port values for your system. regards Denis Business Analyst RIPE NCC Unblocking Users To unblock a user, take the following steps: * Connect to the administrative port: $ telnet host port Trying 193.0.0.xxx... Connected to apple.ripe.net. Escape character is '^]'. System running since Wed Apr 25 12:08:11 2001 Uptime in seconds: 12475 =0= whois R.I.P. config> * Find the entry for the user in the ACL table, to make sure that they are actually blocked: =0= whois R.I.P. config> show acl IP 5000 -1 32767 1 0 The "1" in the fifth column indicates this user has been permanently denied. Otherwise the user has been temporarily denied. This procedure will fix either case. * Set the count for the number of denials for this IP: =0= whois R.I.P. config> set acl IP deny=0 * Set "nodeny" for this IP: =0= whois R.I.P. config> set nodeny IP Providing Unlimited Access to a Host To provide unlimited access to a host: * Connect to the administrative port: $ telnet host port Trying 193.0.0.xxx... Connected to apple.ripe.net. Escape character is '^]'. System running since Wed Apr 25 12:08:11 2001 Uptime in seconds: 12475 =0= whois R.I.P. config> * Set the count for the number of private data items that can be returned for this IP: =0= whois R.I.P. config> set acl IP maxprivate=-1 Also make sure that this IP is not blocked (see previous section).