[CentOS-mirror] Mirror Status incorrect?

Tue May 21 09:30:34 UTC 2013
Info | HostingXtreme.com <info at hostingxtreme.com>

Right. It was mod_security's suspicious User-Agent rule that was triggering
the firewall block.

[Mon May 13 23:27:28 2013] [error] [client 72.232.223.58] ModSecurity:
Access denied with code 403 (phase 2). Match of "rx (^w3c-|systran\\\\))"
against "REQUEST_HEADERS:User-Agent" required. [file
"/usr/local/apache/conf/modsec_rules/20_asl_useragents.conf"] [line "130"]
[id "330039"] [rev "4"] [msg "Atomicorp.com UNSUPPORTED DELAYED Rules:
Suspicious Unusual User Agent (libwww-perl).  Disable this rule if you use
libwww-perl. "] [severity "CRITICAL"] [hostname "centos.hostingxtreme.com"]
[uri "/6.3/os/i386/repodata/repomd.xml"] [unique_id
"UZEpiM7eFzIAC1GSBYMAAAAL"]

This was the only IP blocked for this subdomain, so legitimate users should
not be getting affected. I have disabled that rule for this subdomain.

As far as the slowdown is concerned, we do not have any block based on DNS
/ rDNS / region / location etc. In all the test tools etc, the DNS does not
seem to be the problem.

Wait 83.19%
Connect 8.53%
SSL 6.04%
DNS 2.23%
Receive 0.01%
Send 0.00%


Any other suggestions welcome.

Ruzbeh.

On Tue, May 21, 2013 at 2:28 AM, Ralph Angenendt
<ralph.angenendt at gmail.com>wrote:

> On 20.05.2013 08:47, Info | HostingXtreme.com wrote:
> > I traced the mirror status probe server to 72.232.223.58 (US/United
> States/
> > 58.223.232.72.static.reverse.ltdomains.com)
> >
> > Whitelisting this IP in the firewall has got it to show up again. Not
> sure
> > how many other Probe IPs are there.
>
> That should be the only probing IP. But as it is doing http and/or ftp
> connects on a *public* mirror, it shouldn't be in a blacklist anyway (or
> firewalled), as it behaves as a normal client.
>
> It checks for the two timestamp files in the / of your mirror.
>
> Regards,
>
> Ralph
>
> _______________________________________________
> CentOS-mirror mailing list
> CentOS-mirror at centos.org
> http://lists.centos.org/mailman/listinfo/centos-mirror
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-mirror/attachments/20130521/c6333ce8/attachment-0006.html>