<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1"> <title>Connectivity diagnostics</title> <link rel="stylesheet" href="css/bootstrap.css"> <style> .cidrblock { font-family: monospace; font-weight: bold; color: #124; } .reasonblock { font-family: sans-serif; font-weight: normal; color: #111; } .timeblock { font-family: sans-serif; font-weight: normal; color: #444; } .blockrule { font-family: monospace; font-weight: bold; color: #930; } body { background-color: #1b4fad; } .container { padding: 0 !important; } </style> </head> <body onload="fetch_blocklist();"> <main> <div class="container"> <div class="px-2 py-2 my-2 text-center"> <h1 class="display-5 fw-bold" style="color: #FFF; text-align: center;">Abuse and Connectivity Issues at the ASF</h1> <div class="col-lg-11 mx-auto" style="color: #FFF;"> <p class="lead mb-0" style="font-size: 1.08rem;"> The Apache Software Foundation provides a robust and extensive system for serving the needs of the Foundation, of our projects as they create and deploy product releases, and of people all around the world who wish to download and use those products. These services are free of charge; but we offer them with the assumption that everyone uses them appropriately. If you abuse the system by overloading it in one way or another, you make it harder for others to do what they need to do. The ASF Infrastructure team will take steps to prevent abuse and restore normal access to all who rely on the ASF. </p> </div> </div> <div class="px-2 my-3 text-center"> <a type="button" class="mx-2 button btn btn-primary" href="#blockcheck">check for block</a> <a type="button" class="mx-2 button btn btn-primary" href="#what">what to do if blocked</a> <a type="button" class="mx-2 button btn btn-primary" href="#debug">further troubleshooting</a> <a type="button" class="mx-2 button btn btn-primary" href="#rules">global block rules</a> <a type="button" class="mx-2 button btn btn-primary" href="#bots">bots and scrapers FAQ</a> </div> <div class="row"> <div class="col"> <div class="card" style="width: 100%;" id="blockcheck"> <div class="card-body"> <h5 class="card-title">Have I been blocked?</h5> <p class="card-text"> Enter your IP address to check if you have been added to our global block list, and why. You can also check your entire network block as well, by using CIDR notation, e.g. <kbd>123.123.123.0/22</kbd> or <kbd>2001:db8::/56</kbd>. If you don't know your public IP address, you can <a href="javascript:void(fill_ip());">click here</a> to automatically determine it using a third party provider (IPify). </p> IP address or range: <input type="text" id="ip_address"/> <input type="button" value="Search" onclick="is_blocked();" class="btn btn-primary"/><br/> <form> <div class="mb-3"> <table class="table" id="block_results_table" style="visibility: hidden;"> <thead id="blockheads"> <tr> <th scope="col">IP Address or Range</th> <th scope="col">Date blocked</th> <th scope="col">Reason for block</th> </tr> </thead> <tbody id="block_results"> </tbody> </table> </div> </form> </div> </div> <div class="card" style="width: 100%; margin-top: 10px;" id="what"> <div class="card-body"> <h5 class="card-title">What to do if we have blocked you</h5> <p class="card-text">If a search for your IP or IP range yields a result in our block database, there are generally two ways forward: </p> <ol> <li>You can conform your usage of our resources and services to be within the acceptable range as laid out in our policies</li> <li>Explain why we should make an exception in your case. We do this <b>very rarely</b>. You need to explain (see below for instructions) how both you and we will benefit from this exception. Be prepared for us to say no.</li> </ol> <p class="card-text">Option one is straightforward and is what most users will want to look at. Each block entry has a <kbd>BLxxx</kbd> code that you can click to view details of the specific rule and its rationale, as well as (in some complex cases) steps for remediation.</p> <p class="card-text">The over-arching rule for all infractions is this: <b>don't cross the limits.</b></p> <p class="card-text">When you have addressed the underlying cause of abuse (or wish to request an exception), contact <kbd>abuse@infra.apache.org</kbd> and provide the following information:</p> <ol> <li>The entity you are representing, either you as a private person or the corporation you are speaking on behalf of. If your corporation owns the ASN associated with the IP or IPs that we blocked, please mention the ASN as well.</li> <li>The IP or IPs that are being blocked. This can be a list of IPs or one or more ranges using CIDR notation.</li> <li>The rule that was broken (you can use the shorthand BLxxx reference if you wish).</li> <li>Any process-related context that you may wish to supply us, such as why we are seeing this influx of resource usage.</li> <li>The steps that you have taken to address the abuse on your side, or, in the case of requesting an exception, the rationale for said exception as well as why or how the ASF would benefit from our granting it.</li> </ol> Once we have received your request, we will process it and either remove the block right away or request additional information. </div> </div> <div class="card" style="width: 100%; margin-top: 10px;" id="debug"> <div class="card-body"> <h5 class="card-title">Troubleshooting connectivity issues: If you don't show as blocked, but you still cannot connect to our services</h5> <p class="card-text">The first step in troubleshooting external connectivity issues with the ASF is (and will always be) to run a trace-route tool on the hostname of the service you are trying to connect to.</p> <p class="card-text">Note: The <kbd>traceroute</kbd> tool may be called something else, like <kbd>tracert</kbd> on Windows.</p> <p class="card-text">Run the following in a command or terminal window: <kbd>traceroute <span class="text-danger">servicename.apache.org</span></kbd>, where <span class="text-danger">servicename.apache.org</span> is the hostname you are unable to connect properly to.</p> <p class="card-text">If the traceroute output indicates that you are being blocked at a certain point, you can use this information to find the proper data center or peering contact for resolving this issue.</p> <p class="card-text">For more in-depth information on how traceroute works, see the following external articles: <ul> <li><a href="https://www.varonis.com/blog/what-is-traceroute" target="_blank">What is Traceroute? How it Works and How to Read Results</a> - by Varonis</li> <li><a href="https://www.catchpoint.com/network-admin-guide/how-to-read-a-traceroute" target="_blank">How to Read a Traceroute</a> - by Catchpoint</li> </ul> </p> <p class="card-text">If the traceroute shows that there is no blockage, or that the blockage is with our ingress IP, and you do not find your IP address(es) listed in the "<a href="#blockcheck">Have I been blocked?</a>" directory, please reach out to us at <kbd>abuse@infra.apache.org</kbd> and we will help you further.</p> </div> </div> <div class="card" style="width: 100%; margin-top: 10px;" id="rules"> <div class="card-body"> <h5 class="card-title">Global block list rules employed by the ASF</h5> <p class="card-text"> Below you'll find the general rules that govern our global, automatic blocking system. Click a rule to learn more about what it entails and why we perform these blocks. </p> <div class="accordion" id="block_rules"> </div> </div> </div> <div class="card" style="width: 100%; margin-top: 10px;" id="bots"> <div class="card-body"> <h5 class="card-title">How we deal with bots and scrapers</h5> <p class="card-text">The ASF uses <a href="https://svn.apache.org/robots.txt">robots.txt</a> for managing scrapers and bots. We generally don't mind bots that respect <kbd>crawl-delay</kbd> settings, and you can request your robot user-agent be added to the allowed list, provided you can supply a reasonable argument for it. If you want your bot added to the allow-list, contact users@infra.apache.org.</p> <p class="card-text">We also employ ASN tracking in our global block system, and check for distributed scanners that belong to certain companies or data centers. Although our general block rules are made with single IP addresses in mind, we also block distributed abuse when we find it. Spreading your requests out over multiple IPs or data centers is not a valid excuse for abuse.</p> <p class="card-text">In general, be mindful of 429 HTTP response codes and consider your fellow people on this planet when you use our resources. We offer our services for free, with the understanding that people do not abuse them.</p> </div> </div> <div class="card bg-warning-subtle" style="display: none; padding: 6px; margin: 4px;" id="general_block_advice"> <h6 class="card-title">General considerations when blocked</h6> <p class="card-text"> If you find yourself blocked from our services, consider the following questions as you determine how to address the situation: </p> <ul> <li>If you download a lot of software packages from us: <ul> <li>Are you downloading the same package(s) over and over for things like continuous integration?</li> <li>Have you considered using a caching forward proxy for these packages?</li> </ul> </li> <li> If you scrape or fetch data from us on a schedule, you may have been blocked to prevent service disruptions. Consider the following: <ul> <li>Are your data scrapers respecting robots.txt?</li> <li>Are you respecting 429 HTTP responses?</li> </ul> </li> <li>For all situations, consider: <ul> <li>How often do you <b>really</b> need to request data from ASF services, and how important is the freshness of data?</li> <li>Are there other ways you can get the needed data or information without over-encumbering ASF services?</li> <li>If the requests are spread out across an organization, have you considered having a central orchestrator of requests to help control the flow of traffic?</li> </ul> </li> </ul> </div> </div> </div> </div> </main> </body> <script src="js/bootstrap.bundle.js"></script> <script src="js/ipnum.js"></script> <script src="js/abuse.js"></script> </html>