[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#720970: marked as done (packages.debian.org: ban check_http hits on 1MB files)

Your message dated Thu, 29 Aug 2013 22:43:15 +0200
with message-id <20130829204315.GM3621@mraw.org>
and subject line Re: packages.debian.org: ban check_http hits on 1MB files
has caused the Debian Bug report #720970,
regarding packages.debian.org: ban check_http hits on 1MB files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
720970: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720970
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: www.debian.org
User: www.debian.org@packages.debian.org
Usertags: packages.debian.org
Severity: minor

Running 'visitors' package on packages.d.o logs produced:
http://people.debian.org/~spaillard/packages.debian.org-access.log.html

Especially looking at
http://people.debian.org/~spaillard/packages.debian.org-access.log.html#Requested%20pages

1,7% of requests are against a single 800kB file, and closer look show it's
actually a nagios check from some specific IPs !!

-> They should be blocked IMO.

$ grep allpackages?format=txt.gz packages.debian.org-access.log-20130820 | cut -d '"' -f 6 | sort | uniq -c | so
   6748 check_http/v1.4.15 (nagios-plugins 1.4.15)
     10 Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

I've tested the folloing rule, but it doesn't do the trick..
   RewriteCond %{HTTP_USER_AGENT} ^check_http.*
   RewriteRule^/stable/allpackages\?format=txt\.gz - [F]



-- 
Simon Paillard

--- End Message ---
--- Begin Message --- 
Hi,

On Tue, Aug 27, 2013 at 11:30:02PM +0200, Csillag Tamas wrote:
> This is the closest thing I was able to produce:
> 
> <locationmatch /stable/allpackages.*>
> SetEnvIfNoCase User-Agent check_http keep_out
> ErrorDocument 403 "what are you doing here? - tell us email@address"
>  <limit GET POST PUT>
>   Order Allow,Deny
>   Allow from all
>   Deny from env=keep_out
>  </limit>
> </locationmatch>

Thanks Tamas, applied to both git and running apaches. 

-- 
Simon Paillard

--- End Message ---
Reply to: