We are getting some mirrorlist requests with escape characters in them
such as \xe2 . While I've taken steps to deal with these in the
mirrorlist code, at least one client makes such a request hourly, and
they are causing the mirrorlist WSGI process to spin. I can't
recreate the failure, even using the same request URI, and the fixes
I've tried haven't avoided them all.
I'd like to block such requests at the proxy, to prevent them from
making it all the way to MM. It's a hack, but I'm at a loss for
another solution right now.
diff --git a/modules/mirrormanager/templates/mirrormanager-mirrorlist.conf.erb b/modules/mirrormanager/templates/mirrormanager-mirrorlist.conf.erb
index e52c926..95792fe 100644
--- a/modules/mirrormanager/templates/mirrormanager-mirrorlist.conf.erb
+++ b/modules/mirrormanager/templates/mirrormanager-mirrorlist.conf.erb
@@ -17,6 +17,10 @@ RewriteEngine On
RewriteCond %{QUERY_STRING} repo=epel-5&arch=\$basea\$
RewriteRule ^/mirrorlist - [F]
# END hack
+# BEGIN hack for escaped chars
+RewriteCond %{QUERY_STRING} \\x
+RewriteRule ^/(mirrorlist|metalink) - [F]
+# END hack
RewriteRule ^/publiclist(.*) <%= proxyurl %>/publiclist/$1 [P,L]
RewriteRule ^/mirrorlist(.*) <%= proxyurl %>/mirrorlist$1 [P,L]
RewriteRule ^/metalink(.*) <%= proxyurl %>/metalink$1 [P,L]
--
Matt Domsch
Technology Strategist
Dell | Office of the CTO
_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure
