Smalltalk › Pharo › Pharo Issue Tracker

FogBugz (Case [Issue]10559) Zinc - www.pharo-project.org / cmsbox acts weird against Zinc

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

1 message

Pharo Issue Tracker

FogBugz (Case [Issue]10559) Zinc - www.pharo-project.org / cmsbox acts weird against Zinc

A FogBugz case was edited by Sven Van Caekenberghe.

Case ID: 10559
Title: www.pharo-project.org / cmsbox acts weird against Zinc
Status: Work Needed
Category: Bug
Project: Zinc
Area: Misc
Priority: 3 - Must Fix
Milestone: Later
Assigned To: Everyone

URL: https://pharo.fogbugz.com/default.asp?10559

Here is the reply from cmsbox:

We are sorry that our server configuration had unforeseen side effects.
Your observations are absolutely correct: our security officer blocked
these requests based on IP and user agent string which is the reason why
your tests now fail.

First of all: we did not know what the purpose of these requests was. We
just saw regularly strange hits within a small time range like
"/page-that-will-never-ever-exist/?C=M%3BO%3DD" that we could not
explain and which were never announced to us. As the Cmsbox of
pharo-project.org was aggressively attacked (thousands of requests) last
weekend by robots and even killed several times (out of memory) we were
heavily restricting what comes through to the Cmsbox and what not. And
these requests did not make it... sorry.

But: please note that our infrastructure is not a playground. It is a
productive environment for hundreds of websites which is the reason that
we became very careful about security attacks. Using mod_security for
Apache and other tools we are restricting access to cmsbox websites as
there are a lot of unwanted visitors out there. Besides, a Pharo image
cannot handle unlimited requests and we cannot load balancing to
infinity. Therefore we focus to keep the existing resources free for
real website visitors and some legitimate (and unfortunately rarely
intelligent) robots.

Of course we are willing to discuss solutions which fulfil some criteria
such as a rate limit (max. request count per minute) and we will allow
these requests to get through again. Do you have propositions how this
could be integrated within this test suite? Or could not be a separate
Pharo image on a testing environment we would provide be a better
solution for such a test suite?

Thank you for your understanding!

Chris

You are subscribed to this case. If you do not want to receive automatic notifications in the future, unsubscribe (https://pharo.fogbugz.com/default.asp?pre=preUnsubscribe&pg=pgEditBug&command=view&ixBug=10559) from this case.

_______________________________________________
Pharo-bugtracker mailing list
[hidden email]
http://lists.gforge.inria.fr/cgi-bin/mailman/listinfo/pharo-bugtracker