(Mon, 26 Mar 16:40) Warren Young: > On Mar 26, 2018, at 2:45 PM, Warren Young <war...@etr-usa.com> wrote: > > > > On Mar 26, 2018, at 2:15 PM, Svyatoslav Mishyn > > <svyatoslav.mis...@gmail.com> wrote: > >> > >> Here are results of r.sh when stress.sh was run (and all RAM was used > >> on VPS): > > I’ve thought a bit more about this stress.sh script. It is based on ab, > which I presume is the Apache Benchmark program. You aren’t giving it -C, > which means it’s just bouncing off that URL and sending you back to the login > page on each HTTP hit. Thus, it is not at all like a real user trying to use > the fossil-scm.org repository remotely. > > Monitor your HTTP traffic to the Fossil server, and I think you’ll see that > you aren’t actually pulling vdiffs with this test.
Actually, Apache Benchmark pulls diffs without "-C" option as the "nobody" user got "gjorz" permissions. If I remove "o" (Check-Out) capability, then yes, will be a redirect to /login page. On the other hand, how to protect a VPS against such requests? Without removing current functionality for non-logged ("nobody") users, i.e. keep "o" capability. "max-loadavg" setting can't help as it does not affect /vdiff pages. Only by limiting requests by nginx to fossil.? -- https://www.juef.space/ _______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users