mod_rewrite protection

Changes made to the system

Moderator: drgrussell

Post Reply
drgrussell
Site Admin
Posts: 426
Joined: Sat Feb 12, 2005 8:57 pm
Are you a robot or a human?: Human

mod_rewrite protection

Post by drgrussell » Thu Nov 23, 2006 1:25 pm

One of the last remaining reasons for the hubs unresponsive messages is when a student writes bad mod_rewrite rules which become recursive. This produces 100's of new connections per second, and when these are logged the system protects itself by bringing the hubs down. Of course the real answer to this is to get everyone to write good mod_rewrite rules!

I have adjusted the system in 2 ways.
1. URLs for virtual machines which are >256 characters are redirected to a local cgi script which suggests this is a runaway query.
2. the firewall uses hashlimit to limit the connections per second to virtual machines. This may result in an 50x error if you are caught by this rule.

The firewall rule is still quite generously set, so should only happen when there is really a problem. Hopefull this will be the last hub down message you ever see!

At the same time I added a few new checks to the apache1 tutorial to detect for recursive rewrites and for failing to have the right rewritecond tests.

G.

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests