[PATCH] avoid \xZZ in mirrorlist urls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



We are getting some mirrorlist requests with escape characters in them
such as \xe2 .  While I've taken steps to deal with these in the
mirrorlist code, at least one client makes such a request hourly, and
they are causing the mirrorlist WSGI process to spin.  I can't
recreate the failure, even using the same request URI, and the fixes
I've tried haven't avoided them all.

I'd like to block such requests at the proxy, to prevent them from
making it all the way to MM.  It's a hack, but I'm at a loss for
another solution right now.


diff --git a/modules/mirrormanager/templates/mirrormanager-mirrorlist.conf.erb b/modules/mirrormanager/templates/mirrormanager-mirrorlist.conf.erb
index e52c926..95792fe 100644
--- a/modules/mirrormanager/templates/mirrormanager-mirrorlist.conf.erb
+++ b/modules/mirrormanager/templates/mirrormanager-mirrorlist.conf.erb
@@ -17,6 +17,10 @@ RewriteEngine On
 RewriteCond %{QUERY_STRING} repo=epel-5&arch=\$basea\$
 RewriteRule ^/mirrorlist - [F]
 # END hack
+# BEGIN hack for escaped chars
+RewriteCond %{QUERY_STRING} \\x
+RewriteRule ^/(mirrorlist|metalink) - [F]
+# END hack
 RewriteRule ^/publiclist(.*) <%= proxyurl %>/publiclist/$1 [P,L]
 RewriteRule ^/mirrorlist(.*) <%= proxyurl %>/mirrorlist$1 [P,L]
 RewriteRule ^/metalink(.*) <%= proxyurl %>/metalink$1 [P,L]

-- 
Matt Domsch
Technology Strategist
Dell | Office of the CTO
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux