Abuse and Connectivity Issues at the ASF

The Apache Software Foundation provides a robust and extensive system for serving the needs of the Foundation, of our projects as they create and deploy product releases, and of people all around the world who wish to download and use those products. These services are free of charge; but we offer them with the assumption that everyone uses them appropriately. If you abuse the system by overloading it in one way or another, you make it harder for others to do what they need to do. The ASF Infrastructure team will take steps to prevent abuse and restore normal access to all who rely on the ASF.

check for block what to do if blocked further troubleshooting global block rules bots and scrapers FAQ
Have I been blocked?

Enter your IP address to check if you have been added to our global block list, and why. You can also check your entire network block as well, by using CIDR notation, e.g. 123.123.123.0/22 or 2001:db8::/56. If you don't know your public IP address, you can click here to automatically determine it using a third party provider (IPify).

IP address or range:
What to do if you have been blocked by us

If a search for your IP or IP range yields a result in our block database, there are generally two ways to go from there:

  1. You can conform your usage of our resources and services to be within the acceptable range as laid out in our policies
  2. In rare cases, we can offer an exemption to the rules. We will consider this only if there is a mutual benefit to the solution, be prepared to be told no.

Option one is straight forward and is what most users will want to look at. Each block entry has a BLxxx code that can be clicked on to view details of the specific rule and its rationale, as well as (in some complex cases) steps for remediation.

The over-arching rule of thumb for all infractions is this: don't cross the limits.

When you have addressed the underlying cause of abuse (or wish to request an exemption), please contact abuse@infra.apache.org and provide the following information to us:

  1. The entity you are representing, either you as a private person or the corporation you are speaking on behalf of. If your corporation owns the ASN associated with the IP or IPs that are blocked, please mention the ASN as well.
  2. The IP or IPs that are being blocked. This can be a list of IPs or one or more ranges using CIDR notation.
  3. The rule that was broken (you can use the shorthand BLxxx reference if you wish).
  4. Any process-related context that you may wish to supply us, such as why we are seeing this influx of resource usage.
  5. The steps that you have taken to address the abuse on your side, or in the case of requesting an exemption, the rationale for said exemption as well as why or how the ASF would benefit from this.
Once we have received your request, we will process it and either remove the block right away or request additional information.
Troubleshooting connectivity issues: If you don't show as blocked, but you still cannot connect to our services

The first step in troubleshooting external connectivity issues with the ASF is (and will always be) to run a trace-route tool on the hostname of the service you are trying to connect to.

The traceroute tool may be called something else, like tracert on Windows, so keep that in mind.

Start by running the following in a command or terminal window: traceroute servicename.apache.org, where servicename.apache.org is the hostname you are unable to connect properly to.

If the traceroute output indicates that you are being blocked at a certain point, you can use this information to find the proper data center or peering contact for resolving this issue.

For a more in-depth information on how traceroute works, please see the following external articles:

If the traceroute shows that there either is no blockage, or that the blockage is with our ingress IP, and you do not find your IP address(es) listed in the "Have I been blocked?" directory, please reach out to us as abuse@infra.apache.org and we will help you further.

Global block list rules employed by the ASF

Below you'll find the general rules our global, automatic blocking system is governed by. Click on a rule to learn more about what it entails and why we perform these blocks.

How we deal with bots and scrapers

The ASF uses robots.txt for managing scrapers and bots. We generally don't mind bots that respect crawl-delay settings, and you can request your robot user-agent be added to the allowed list, provided you can provide a reasonable argument for it. If you want your bot added to the allow-list, please reach out to users@infra.apache.org-

We also employ ASN tracking in our global block system, and check for distributed scanners that belong to certain companies or data centers. Although our general block rules are made with single IP addresses in mind, we also block distributed abuse when found. Spreading your requests out over multiple IPs or data centers is not a valid excuse for abuse.

In general, be mindful of 429 HTTP response codes and consider your fellow people on this planet when you use our resources. We offer our services for free, with the understanding that people do not abuse them.