HTTP/HTTPS access blocked after git clone https://alioth.debian.org/....

To: admin@alioth.debian.org, debian-devel@lists.debian.org
Cc: gavenkoa@gmail.com
Subject: HTTP/HTTPS access blocked after git clone https://alioth.debian.org/....
From: Oleksandr Gavenko <gavenkoa@gmail.com>
Date: Fri, 09 Jan 2015 01:46:59 +0200
Message-id: <[🔎] 87tx00dedo.fsf@gavenkoa.example.com>

https://alioth.debian.org/scm/?group_id=100114 "SCM" tab say how to clone
repo.

First time after waiting 10 sec I drop operation:

  desktop+bash# git clone https://alioth.debian.org/anonscm/git/bash-completion/bash-completion.git
  Cloning into 'bash-completion'...
  ^C

https://alioth.debian.org sill be accessible. I repeat and after waiting near
2 min I get:

  desktop+bash# git clone https://alioth.debian.org/anonscm/git/bash-completion/bash-completion.git
  Cloning into 'bash-completion'...
  error: Failed to connect to alioth.debian.org port 443: Connection refused (curl_result = 7, http_code = 0, sha1 = 6e42f85ff5ab64e5128a42b93a325dab493bc5fb)
  error: Unable to find 6e42f85ff5ab64e5128a42b93a325dab493bc5fb under https://alioth.debian.org/anonscm/git/bash-completion/bash-completion.git
  Cannot obtain needed blob 6e42f85ff5ab64e5128a42b93a325dab493bc5fb
  while processing commit a0bb238dc80e47a1f75ac97bc6fc3000eaffee05.
  error: fetch failed.

After this access to  https://alioth.debian.org - blocked:

  desktop+bash# telnet alioth.debian.org 443
  Trying 5.153.231.21...
  telnet: Unable to connect to remote host: Connection refused

Wireshark shown:

  18	3.091573000	192.168.0.100	5.153.231.21	TCP	74	45491→443 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=2387410 TSecr=0 WS=128
  19	3.158538000	5.153.231.21	192.168.0.100	TCP	54	443→45491 [RST, ACK] Seq=1 Ack=1 Win=0 Len=0

so server just reset connection.

This happen yesterday, and this evening. After near 2 hours I get access back.
And with above git command block access again.

I ask at IRC is alioth.debian.org down? People say no. Also I able to wget
pages from ssh'ed "shell.sourceforge.net" host at same time.

It is clear that "git" command hooks some intrusion detection and my host
added to firewall exclusion list.

So what is to fix? Seems that it is ok to leave intrusion detection or review
rules. But definitely all Alioth projects page must be verified for broken

  https://alioth.debian.org/anonscm/git/bash-completion/bash-completion.git

like URLs, that lead to user access blocking.

BTW I check out sources from:

  desktop+bash# git clone git://git.debian.org/git/bash-completion/bash-completion.git

seems that git:// 9418 port isn't affected by blocking rules.

-- 
Best regards!

Reply to:

Prev by Date: Results for Limiting the term of the technical committee membersStart_Time = 19 Dec 2014 00:00:00
Next by Date: Work-needing packages report for Jan 9, 2015
Previous by thread: Results for Limiting the term of the technical committee membersStart_Time = 19 Dec 2014 00:00:00
Next by thread: Work-needing packages report for Jan 9, 2015
Index(es):
- Date
- Thread