Bug#600274: libapache2-svn working incorrect whis mod_evasive
Package: libapache2-svn Version: 1.6.12dfsg-2 Architecture: i386 Hi, I detect problem in mod_dav_svn or mod_dav_svn_authz. If enabled mod_evasive, problems with authorization to subversion. vhosts.conf --- Skip config --- VirtualHost [cut IP-address] ServerName [cut sever name] ServerAdmin [cut e-mail] Location / DAV svn SVNPath [cut path to svn directory] AuthType Basic AuthName Developement SVN server AuthUserFile /etc/apache2/dav_svn.passwd Require valid-user /Location LogLevel debug ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combined /VirtualHost --- Skip config --- error.log --- Skip log --- [Mon Oct 11 16:17:19 2010] [debug] mod_deflate.c(615): [clientcut IP-address] Zlib: Compressed 202 to 161 : URL / [Mon Oct 11 16:20:59 2010] [debug] mod_deflate.c(615): [clientcut IP-address] Zlib: Compressed 401 to 272 : URL / [Mon Oct 11 16:21:15 2010] [debug] mod_deflate.c(615): [clientcut IP-address] Zlib: Compressed 179 to 123 : URL / [Mon Oct 11 16:21:15 2010] [debug] mod_deflate.c(615): [clientcut IP-address] Zlib: Compressed 629 to 316 : URL / [Mon Oct 11 16:21:15 2010] [debug] mod_deflate.c(615): [clientcut IP-address] Zlib: Compressed 382 to 220 : URL /!svn/vcc/default [Mon Oct 11 16:21:15 2010] [debug] mod_deflate.c(615): [clientcut IP-address] Zlib: Compressed 437 to 234 : URL /!svn/bln/696 [Mon Oct 11 16:21:17 2010] [debug] mod_deflate.c(615): [clientcut IP-address] Zlib: Compressed 629 to 316 : URL / [Mon Oct 11 16:21:17 2010] [debug] mod_deflate.c(615): [clientcut IP-address] Zlib: Compressed 382 to 220 : URL /!svn/vcc/default [Mon Oct 11 16:21:17 2010] [debug] mod_deflate.c(615): [clientcut IP-address] Zlib: Compressed 437 to 234 : URL /!svn/bln/696 [Mon Oct 11 16:21:17 2010] [debug] mod_deflate.c(615): [clientcut IP-address] Zlib: Compressed 629 to 316 : URL / [Mon Oct 11 16:21:17 2010] [debug] mod_deflate.c(615): [clientcut IP-address] Zlib: Compressed 437 to 234 : URL /!svn/vcc/default [Mon Oct 11 16:21:17 2010] [debug] mod_deflate.c(615): [clientcut IP-address] Zlib: Compressed 641 to 321 : URL /!svn/bc/696 [Mon Oct 11 16:21:17 2010] [debug] mod_deflate.c(615): [clientcut IP-address] Zlib: Compressed 401 to 272 : URL / [Mon Oct 11 16:21:17 2010] [debug] mod_deflate.c(615): [clientcut IP-address] Zlib: Compressed 179 to 123 : URL / [Mon Oct 11 16:21:17 2010] [debug] mod_deflate.c(615): [clientcut IP-address] Zlib: Compressed 629 to 316 : URL / [Mon Oct 11 16:21:17 2010] [error] [clientcut IP-address] client denied by server configuration: /etc/apache2/htdocs --- Skip log --- Thanks! -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#600274: libapache2-svn working incorrect whis mod_evasive
[sysad...@gorod0k.ru] Hi, I detect problem in mod_dav_svn or mod_dav_svn_authz. If enabled mod_evasive, problems with authorization to subversion. I haven't investigated this in detail, but Subversion libsvn_neon (client side) and mod_dav_svn (server side) implement a rather inefficient protocol. Accomplishing anything requires too many queries and too many round trips. It is possible that mod_evasive is noticing these patterns and mistaking them for a DoS attack. Subversion 1.7, when it comes out (early next year, perhaps) will have a redesigned, more streamlined, HTTP-based protocol. This will only be used when both client and server are running 1.7, of course, but I expect it may solve this bug. Thanks for the report, Peter -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
