[PATCH] avoid \xZZ in mirrorlist urls

Matt Domsch Matt_Domsch at dell.com
Wed May 12 23:41:56 UTC 2010


We are getting some mirrorlist requests with escape characters in them
such as \xe2 .  While I've taken steps to deal with these in the
mirrorlist code, at least one client makes such a request hourly, and
they are causing the mirrorlist WSGI process to spin.  I can't
recreate the failure, even using the same request URI, and the fixes
I've tried haven't avoided them all.

I'd like to block such requests at the proxy, to prevent them from
making it all the way to MM.  It's a hack, but I'm at a loss for
another solution right now.


diff --git a/modules/mirrormanager/templates/mirrormanager-mirrorlist.conf.erb b/modules/mirrormanager/templates/mirrormanager-mirrorlist.conf.erb
index e52c926..95792fe 100644
--- a/modules/mirrormanager/templates/mirrormanager-mirrorlist.conf.erb
+++ b/modules/mirrormanager/templates/mirrormanager-mirrorlist.conf.erb
@@ -17,6 +17,10 @@ RewriteEngine On
 RewriteCond %{QUERY_STRING} repo=epel-5&arch=\$basea\$
 RewriteRule ^/mirrorlist - [F]
 # END hack
+# BEGIN hack for escaped chars
+RewriteCond %{QUERY_STRING} \\x
+RewriteRule ^/(mirrorlist|metalink) - [F]
+# END hack
 RewriteRule ^/publiclist(.*) <%= proxyurl %>/publiclist/$1 [P,L]
 RewriteRule ^/mirrorlist(.*) <%= proxyurl %>/mirrorlist$1 [P,L]
 RewriteRule ^/metalink(.*) <%= proxyurl %>/metalink$1 [P,L]

-- 
Matt Domsch
Technology Strategist
Dell | Office of the CTO


More information about the infrastructure mailing list