Bug#846288: apache2: Directory indexes painfully slow when using basic auth

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#846288: apache2: Directory indexes painfully slow when using basic auth
From: Morten Minde Neergaard <m-debian@8d.no>
Date: Tue, 29 Nov 2016 21:46:42 +0100
Message-id: <[🔎] 148045240281.15320.13935036773763222505.reportbug@versifikattriks.8d.no>
Reply-to: Morten Minde Neergaard <m-debian@8d.no>, 846288@bugs.debian.org

Package: apache2
Version: 2.4.23-8
Severity: normal

Dear Maintainer,

I am using apache2 on a NAS with a very weak CPU. I have storing roughly
1000 images and subfolders in a folder, and am using Options +Indexes to
read the list of files / directories. Getting the list up is painfully
slow, and eventually fails if the folder is large enough.

Apache config, edited to remove domain name:

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
<VirtualHost *:80>
	ServerName foo.example.com

	ServerAdmin webmaster@example.com
	DocumentRoot /srv

	ErrorLog ${APACHE_LOG_DIR}/foo.error.log
	CustomLog ${APACHE_LOG_DIR}/foo.access.log combined

	DirectoryIndex index.html

	<Directory /srv/>
		Options Indexes FollowSymlinks
		AllowOverride None
		Require all granted
	</Directory>

	<Location />
		AuthType Basic
		AuthName "Access to top secret foo"
		AuthUserFile /etc/apache2/htpasswd
		Require valid-user
	</Location>
</VirtualHost>

I tried doing a strace on the apache process while the page was loading.
Excerpt, censoring actual username, password hash:

stat64("/srv/Images/IMG_20161013_082911/index.html", 0xbeea5408) = -1 ENOENT (No such file or directory)
lstat64("/srv", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/srv/felles", {st_mode=S_IFDIR|S_ISGID|0775, st_size=4096, ...}) = 0
lstat64("/srv/felles/Bilder", {st_mode=S_IFDIR|S_ISGID|0775, st_size=4096, ...}) = 0
lstat64("/srv/Images", {st_mode=S_IFDIR|S_ISGID|0755, st_size=69632, ...}) = 0
lstat64("/srv/Images/IMG_20161013_082911", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
lstat64("/srv/Images/IMG_20161013_082911/index.html", 0xbeea5408) = -1 ENOENT (No such file or directory)
open("/etc/apache2/htpasswd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 19
fstat64(19, {st_mode=S_IFREG|0640, st_size=313, ...}) = 0
read(19, "foo:$6$XXXXXXXX$XXXXXXXXXXXXXXX"..., 4096) = 313
close(19)                               = 0
lstat64("/srv/Images/IMG_20161014_173243.jpg", {st_mode=S_IFREG|0755, st_size=4159526, ...}) = 0
lstat64("/srv/Images/IMG_20161014_173243.jpg", {st_mode=S_IFREG|0755, st_size=4159526, ...}) = 0
open("/etc/apache2/htpasswd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 19
fstat64(19, {st_mode=S_IFREG|0640, st_size=313, ...}) = 0
read(19, "foo:$6$XXXXXXXX$XXXXXXXXXXXXXXX"..., 4096) = 313
close(19)                               = 0
lstat64("/srv/Images/IMG_20160920_172913.jpg", {st_mode=S_IFREG|0755, st_size=3290253, ...}) = 0
lstat64("/srv/Images/IMG_20160920_172913.jpg", {st_mode=S_IFREG|0755, st_size=3290253, ...}) = 0
open("/etc/apache2/htpasswd", O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 19
fstat64(19, {st_mode=S_IFREG|0640, st_size=313, ...}) = 0
read(19, "foo:$6$XXXXXXXX$XXXXXXXXXXXXXXX"..., 4096) = 313

i.e. it's reading the htpasswd file for every file and subfolder in the
folder, and probably doing the password check for each of them. It's
also looking for an index.html under each subfolder, but that's probably
a separate issue and/or configurable.


-- Package-specific info:

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: armhf (armv7l)

Kernel: Linux 4.7.0-1-armmp (SMP w/1 CPU core)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apache2 depends on:
ii  apache2-bin          2.4.23-8
ii  apache2-data         2.4.23-8
ii  apache2-utils        2.4.23-8
ii  dpkg                 1.18.15
ii  init-system-helpers  1.46
ii  lsb-base             9.20161101
ii  mime-support         3.60
ii  perl                 5.24.1~rc3-3
pn  perl:any             <none>
ii  procps               2:3.3.12-3

Versions of packages apache2 recommends:
ii  ssl-cert  1.0.38

Versions of packages apache2 suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
pn  www-browser                                      <none>

Versions of packages apache2-bin depends on:
ii  libapr1                  1.5.2-4
ii  libaprutil1              1.5.4-2
ii  libaprutil1-dbd-sqlite3  1.5.4-2
ii  libaprutil1-ldap         1.5.4-2
ii  libc6                    2.24-5
ii  libldap-2.4-2            2.4.44+dfsg-1
ii  liblua5.2-0              5.2.4-1.1+b1
ii  libnghttp2-14            1.16.0-1
ii  libpcre3                 2:8.39-2
ii  libssl1.0.2              1.0.2j-4
ii  libxml2                  2.9.4+dfsg1-2.1
pn  perl:any                 <none>
ii  zlib1g                   1:1.2.8.dfsg-2+b3

Versions of packages apache2-bin suggests:
pn  apache2-doc                                      <none>
pn  apache2-suexec-pristine | apache2-suexec-custom  <none>
pn  www-browser                                      <none>

Versions of packages apache2 is related to:
ii  apache2      2.4.23-8
ii  apache2-bin  2.4.23-8

-- Configuration Files:
/etc/apache2/sites-available/000-default.conf changed [not included]

-- no debconf information

Reply to:

Prev by Date: Propere kantoren, een dynamisch imago voor Delbarre!
Previous by thread: Propere kantoren, een dynamisch imago voor Delbarre!
Index(es):
- Date
- Thread