Bug#720970: marked as done (packages.debian.org: ban check_http hits on 1MB files)

Thu, 29 Aug 2013 13:45:44 -0700 

Your message dated Thu, 29 Aug 2013 22:43:15 +0200
with message-id <[email protected]>
and subject line Re: packages.debian.org: ban check_http hits on 1MB files
has caused the Debian Bug report #720970,
regarding packages.debian.org: ban check_http hits on 1MB files
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
720970: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720970
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: www.debian.org
User: [email protected]
Usertags: packages.debian.org
Severity: minor

Running 'visitors' package on packages.d.o logs produced:
http://people.debian.org/~spaillard/packages.debian.org-access.log.html

Especially looking at
http://people.debian.org/~spaillard/packages.debian.org-access.log.html#Requested%20pages

1,7% of requests are against a single 800kB file, and closer look show it's
actually a nagios check from some specific IPs !!

-> They should be blocked IMO.

$ grep allpackages?format=txt.gz packages.debian.org-access.log-20130820 | cut 
-d '"' -f 6 | sort | uniq -c | so
   6748 check_http/v1.4.15 (nagios-plugins 1.4.15)
     10 Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

I've tested the folloing rule, but it doesn't do the trick..
   RewriteCond %{HTTP_USER_AGENT} ^check_http.*
   RewriteRule^/stable/allpackages\?format=txt\.gz - [F]



-- 
Simon Paillard

--- End Message ---
--- Begin Message --- 
Hi,

On Tue, Aug 27, 2013 at 11:30:02PM +0200, Csillag Tamas wrote:
> This is the closest thing I was able to produce:
> 
> <locationmatch /stable/allpackages.*>
> SetEnvIfNoCase User-Agent check_http keep_out
> ErrorDocument 403 "what are you doing here? - tell us email@address"
>  <limit GET POST PUT>
>   Order Allow,Deny
>   Allow from all
>   Deny from env=keep_out
>  </limit>
> </locationmatch>

Thanks Tamas, applied to both git and running apaches. 

-- 
Simon Paillard

--- End Message ---

Reply via email to