bugs.debian.org/821313

Preview meta tags from the bugs.debian.org website.

Linked Hostnames

7

  • General Meta Tags

    3
    • title
      #821313 - apache2-data: Remove links in default site page to manpages.debian.org - Debian Bug report logs
    • Content-Type
      text/html;charset=utf-8
    • viewport
      width=device-width, initial-scale=1

  • Link Tags

    3
    • canonical
      <a href="bugreport.cgi?bug=821313">821313</a>
    • icon
      /favicon.png
    • stylesheet
      /css/bugs.css

Emails

5
  • [email protected]
  • [email protected]?In-Reply-To=%3C146090574358.21387.18278520458404439457.reportbug%40silicio.jfsph.net%3E&References=%3C146090574358.21387.18278520458404439457.reportbug%40silicio.jfsph.net%3E&subject=Re%3A%20apache2-data%3A%20Remove%20links%20in%20default%20site%20page%20to%20manpages.debian.org&body=On%20Sun%2C%2017%20Apr%202016%2017%3A09%3A03%20%2B0200%20%3D%3Futf-8%3Fq%3FJavier_Fern%3DC3%3DA1ndez-Sanguino_Pe%3DC3%3DB1a%3F%3D%20%3Cjfs%40debian.org%3E%20wrote%3A%0A%3E%20Package%3A%20apache2-data%0A%3E%20Version%3A%202.4.20-1%0A%3E%20Severity%3A%20normal%0A%3E%20Tags%3A%20patch%0A%3E%20%0A%3E%20Dear%20maintainer%2C%0A%3E%20%0A%3E%20Apache2%20default%20site%20page%20includes%20links%20to%20manpages.debian.org.%20This%20is%20not%20a%0A%3E%20very%20good%20idea%20since%20many%20sites%20are%20left%20unconfigured%20by%20default%20and%20there%20are%0A%3E%20many%20%28badly%20programmed%29%20robots%20roaming%20the%20Internet%20and%20indexing%20sites.%0A%3E%20%0A%3E%20Last%20Monday%2011th%2C%20DSA%20had%20to%20disable%20the%20%27manpages.debian.org%27%20vhost%20service%20in%0A%3E%20glinka.debian.org%20because%20it%20was%20consuming%20continuously%20a%20large%20amount%20of%20CPU%0A%3E%20and%20affecting%20other%20services.%0A%3E%20%0A%3E%20Upon%20investigation%2C%20we%20have%20found%20that%20the%20service%20is%20being%20queried%20constantly%0A%3E%20for%20the%20following%20pages%3A%20%28a2ensite%2C%20a2dissite%2C%20a2enmod%2C%20a2dismod%2C%20and%0A%3E%20a2ensite%29.%20%20The%20number%20of%20daily%20queries%20have%20ranged%20from%206000%20to%2011000%20thousand%0A%3E%20and%2C%20starting%20May%208th%2C%20this%20has%20spiked%20to%2093.000%20to%20141.000%20daily%20queries%21%0A%3E%20%28you%20can%20see%20the%20details%20in%20the%20attached%20text%20file%29%0A%3E%20%0A%3E%20These%20queries%20are%20distributed%2C%20in%20a%20single%20day%20we%20have%20identified%20at%20least%20590%0A%3E%20distinct%20hosts%20making%20them%20based%20on%20at%20least%20309%20misconfigured%20web%20servers.%0A%3E%20%0A%3E%20The%20culprit%20seems%20to%20be%20some%20strange%20script%20%28programmed%20in%20GO%2C%20since%20the%20user%0A%3E%20agent%20is%20%27Go-http-client%2F1.1%27%29%20which%20looks%20for%20websites%20and%20traverses%20them.%0A%3E%20When%20they%20hits%20sites%20like%20http%3A%2F%2Fteplosnab24.ru%2F%20they%20start%20traversing%20all%0A%3E%20URLs%2C%20including%20external%20connections.%0A%3E%20%0A%3E%20We%20have%20enhanced%20the%20service%20configuration%20used%20so%20that%20we%20can%20withstand%20the%0A%3E%20excess%20of%20%28useless%29%20queries%20for%20these%20manpages%20%28as%20described%20in%20%5B1%5D%29.%0A%3E%20%0A%3E%20The%20issue%20does%20not%20exactly%20lie%20on%20the%20apache2-data%20current%20page%2C%20as%20these%20are%0A%3E%20scripts%20that%20are%20going%20awry%2C%20but%20this%20page%20is%20the%20%22detonator%22%20that%20has%20translated%0A%3E%20this%20problem%20into%20a%20service%20problem.%0A%3E%20%0A%3E%20Both%20DSA%20and%20I%20believe%20that%20the%20Apache2%20default%20configuration%20should%20avoid%0A%3E%20this%20misbehaviour%20by%20not%20including%20links%20to%20external%20sites.%20%20Please%20find%0A%3E%20attached%20a%20patch%20that%20removes%20those%20links%20from%20the%20index.html%20page%20which%20is%0A%3E%20added%20by%20default%20to%20all%20Apache%20sites%20installed%20in%20Debian.%0A%3E%20%0A%3E%20Alternatively%2C%20if%20you%20consider%20the%20manual%20pages%20to%20be%20useful%2C%20I%20would%20suggest%0A%3E%20they%20are%20included%20%28in%20HTML%20format%29%20as%20part%20of%20the%20Apache2-data%20package%20itself%20instead%20of%20%0A%3E%20linking%20to%20the%20external%20manpages.debian.org%20service.%0A%3E%20%0A%3E%20This%20change%20will%20at%20least%20prevent%20our%20service%20from%20getting%20hammered%20by%20these%0A%3E%20misconfigured%20robots.%0A%3E%20%0A%3E%20Thanks%20for%20your%20help%2C%0A%3E%20%0A%3E%20%0A%3E%20Javier%20Fernandez-Sanguino%0A%3E%20%0A%3E%20%0A%3E%20%5B1%5D%20https%3A%2F%2Flists.debian.org%2Fdebian-doc%2F2016%2F04%2Fmsg00055.html%0A%3E%20%0A%3E%20%0A%3E%20%0A%3E%20--%20System%20Information%3A%0A%3E%20Debian%20Release%3A%20stretch%2Fsid%0A
  • [email protected]?In-Reply-To=%3C1902505.QGamodEa78%40k%3E&References=%3C146090574358.21387.18278520458404439457.reportbug%40silicio.jfsph.net%3E%0A%20%3C1902505.QGamodEa78%40k%3E&subject=Re%3A%20Bug%23821313%3A%20apache2-data%3A%20Remove%20links%20in%20default%20site%20page%20to%20manpages.debian.org&body=On%20Mon%2C%2018%20Apr%202016%2022%3A23%3A44%20%2B0200%20Stefan%20Fritsch%20%3Csf%40sfritsch.de%3E%20wrote%3A%0A%3E%20On%20Sunday%2017%20April%202016%2017%3A09%3A03%2C%20Javier%20Fern%C3%A1ndez-Sanguino%20Pe%C3%B1a%20%0A%3E%20wrote%3A%0A%3E%20%3E%20Last%20Monday%2011th%2C%20DSA%20had%20to%20disable%20the%20%27manpages.debian.org%27%20vhost%0A%3E%20%3E%20service%20in%20glinka.debian.org%20because%20it%20was%20consuming%20continuously%0A%3E%20%3E%20a%20large%20amount%20of%20CPU%20and%20affecting%20other%20services.%0A%3E%20%0A%3E%20Oh%20dear...%0A%3E%20%0A%3E%20%3E%20Both%20DSA%20and%20I%20believe%20that%20the%20Apache2%20default%20configuration%20should%0A%3E%20%3E%20avoid%20this%20misbehaviour%20by%20not%20including%20links%20to%20external%20sites.%20%0A%3E%20%3E%20Please%20find%20attached%20a%20patch%20that%20removes%20those%20links%20from%20the%0A%3E%20%3E%20index.html%20page%20which%20is%20added%20by%20default%20to%20all%20Apache%20sites%0A%3E%20%3E%20installed%20in%20Debian.%0A%3E%20%0A%3E%20I%20will%20include%20that%20in%20the%20next%20upload%2C%20but%20it%20will%20take%20a%20very%20long%20%0A%3E%20time%20until%20there%20is%20no%20stable%2FLTS%20release%20with%20the%20old%20page%20anymore.%0A%3E%20%0A%3E%20Cheers%2C%0A%3E%20Stefan%0A%3E%20%0A%3E%20%0A%3E%20%0A
  • [email protected]?References=%3CE1b6hCb-00062L-HM%40franck.debian.org%3E&In-Reply-To=%3CE1b6hCb-00062L-HM%40franck.debian.org%3E&subject=Re%3A%20Bug%23821313%3A%20fixed%20in%20apache2%202.4.20-2&body=On%20Sat%2C%2028%20May%202016%2016%3A35%3A05%20%2B0000%20Stefan%20Fritsch%20%3Csf%40debian.org%3E%20wrote%3A%0A%3E%20Source%3A%20apache2%0A%3E%20Source-Version%3A%202.4.20-2%0A%3E%20%0A%3E%20We%20believe%20that%20the%20bug%20you%20reported%20is%20fixed%20in%20the%20latest%20version%20of%0A%3E%20apache2%2C%20which%20is%20due%20to%20be%20installed%20in%20the%20Debian%20FTP%20archive.%0A%3E%20%0A%3E%20A%20summary%20of%20the%20changes%20between%20this%20version%20and%20the%20previous%20one%20is%0A%3E%20attached.%0A%3E%20%0A%3E%20Thank%20you%20for%20reporting%20the%20bug%2C%20which%20will%20now%20be%20closed.%20%20If%20you%0A%3E%20have%20further%20comments%20please%20address%20them%20to%20821313%40bugs.debian.org%2C%0A%3E%20and%20the%20maintainer%20will%20reopen%20the%20bug%20report%20if%20appropriate.%0A%3E%20%0A%3E%20Debian%20distribution%20maintenance%20software%0A%3E%20pp.%0A%3E%20Stefan%20Fritsch%20%3Csf%40debian.org%3E%20%28supplier%20of%20updated%20apache2%20package%29%0A%3E%20%0A%3E%20%28This%20message%20was%20generated%20automatically%20at%20their%20request%3B%20if%20you%0A%3E%20believe%20that%20there%20is%20a%20problem%20with%20it%20please%20contact%20the%20archive%0A%3E%20administrators%20by%20mailing%20ftpmaster%40ftp-master.debian.org%29%0A%3E%20%0A%3E%20%0A%3E%20-----BEGIN%20PGP%20SIGNED%20MESSAGE-----%0A%3E%20Hash%3A%20SHA256%0A%3E%20%0A%3E%20Format%3A%201.8%0A%3E%20Date%3A%20Sat%2C%2028%20May%202016%2016%3A14%3A09%20%2B0200%0A%3E%20Source%3A%20apache2%0A%3E%20Binary%3A%20apache2%20apache2-data%20apache2-bin%20apache2-utils%20apache2-suexec-pristine%20apache2-suexec-custom%20apache2-doc%20apache2-dev%20apache2-dbg%0A%3E%20Architecture%3A%20source%20amd64%20all%0A%3E%20Version%3A%202.4.20-2%0A%3E%20Distribution%3A%20unstable%0A%3E%20Urgency%3A%20medium%0A%3E%20Maintainer%3A%20Debian%20Apache%20Maintainers%20%3Cdebian-apache%40lists.debian.org%3E%0A%3E%20Changed-By%3A%20Stefan%20Fritsch%20%3Csf%40debian.org%3E%0A%3E%20Description%3A%0A%3E%20%20apache2%20%20%20%20-%20Apache%20HTTP%20Server%0A%3E%20%20apache2-bin%20-%20Apache%20HTTP%20Server%20%28modules%20and%20other%20binary%20files%29%0A%3E%20%20apache2-data%20-%20Apache%20HTTP%20Server%20%28common%20files%29%0A%3E%20%20apache2-dbg%20-%20Apache%20debugging%20symbols%0A%3E%20%20apache2-dev%20-%20Apache%20HTTP%20Server%20%28development%20headers%29%0A%3E%20%20apache2-doc%20-%20Apache%20HTTP%20Server%20%28on-site%20documentation%29%0A%3E%20%20apache2-suexec-custom%20-%20Apache%20HTTP%20Server%20configurable%20suexec%20program%20for%20mod_suexec%0A%3E%20%20apache2-suexec-pristine%20-%20Apache%20HTTP%20Server%20standard%20suexec%20program%20for%20mod_suexec%0A%3E%20%20apache2-utils%20-%20Apache%20HTTP%20Server%20%28utility%20programs%20for%20web%20servers%29%0A%3E%20Closes%3A%20820824%20821313%20821956%20822144%20823259%0A%3E%20Changes%3A%0A%3E%20%20apache2%20%282.4.20-2%29%20unstable%3B%20urgency%3Dmedium%0A%3E%20%20.%0A%3E%20%20%20%20%2A%20Fix%20crash%20in%20ap_get_useragent_host%28%29%20triggered%20by%20mod_perl%20test.%0A%3E%20%20%20%20%20%20Closes%3A%20%23820824%0A%3E%20%20%20%20%2A%20Fix%20race%20condition%20and%20logical%20error%20in%20init%20script.%20Thanks%20to%20Thomas%0A%3E%20%20%20%20%20%20Stangner%20for%20the%20patch.%20Closes%3A%20%23822144%0A%3E%20%20%20%20%2A%20Remove%20links%20to%20manpages.debian.org%20in%20default%20index.html%20to%20avoid%0A%3E%20%20%20%20%20%20broken%20robots%20doing%20a%20DoS%20on%20the%20site.%20Closes%3A%20%23821313%0A%3E%20%20%20%20%2A%20Fix%20a2enmod%20to%20run%20on%20perl%205.14%20to%20simplify%20backports.%20Closes%3A%20%23821956%0A%3E%20%20%20%20%2A%20Bump%20Standards-Version%20%28no%20changes%20necessary%29.%0A%3E%20%20%20%20%2A%20Fix%20segfault%20with%20logresolve%20-c.%20Closes%3A%20%23823259%0A%3E%20Checksums-Sha1%3A%0A%3E%20%20e3041ff82a87356f686dfe8fa461ea1f972b1e03%202654%20apache2_2.4.20-2.dsc%0A
  • [email protected]

Links

8