I'm seeing http://svn.osgeo.org/ or http://trac.osgeo.org/ not responding, at
least not reliably enough to be able to file a SAC ticket Confirmed from
someone from the US, so not an issue at my end.
On Sun, May 8, 2016 at 6:17 PM, Even Rouault <even.rouault@spatialys.com> wrote:
Hi,
I'm seeing http://svn.osgeo.org/ or http://trac.osgeo.org/ not responding, at
least not reliably enough to be able to file a SAC ticket Confirmed from
someone from the US, so not an issue at my end.
On Mon, May 09, 2016 at 10:04:48PM +0200, Markus Neteler wrote:
On May 9, 2016 10:02 PM, "Sandro Santilli" <strk@keybit.net> wrote:
>
> On Mon, May 09, 2016 at 09:35:06PM +0200, Markus Neteler wrote:
> > Hi,
> >
> > at time trac is almost unusable
> >
> > I can neither update tickets nor get into the admin panel.... (GRASS
> > GIS trac). Timeout..
> >
> > Any idea?
>
> You're probably banned by osgeo-http-dos.
Grrrr
It looks like more than 30 requests are easy to do in 2 minutes.
Especially when using SVN (now that I checked)
I've reduced the check so it takes 30+ requests in 1 minute now,
and only check trac (jail name changed accordingly).
Don't reload too much !
> Which IP do you come from ?
Sorry, no idea. I left the office in favor of dinner... It is a Telekom
Germany connection AFAIK.
The ban lasts 15 minutes. While banned you'll get the timeout as you
mentioned.
Le lundi 09 mai 2016 00:17:32, Even Rouault a écrit :
Hi,
I'm seeing http://svn.osgeo.org/ or http://trac.osgeo.org/ not responding,
at least not reliably enough to be able to file a SAC ticket Confirmed
from someone from the US, so not an issue at my end.
Hi,
http://trac.osgeo.org/ has started again being unresponsive since
approximately 10 minutes.
Sandro seemed to suggest this might be due to to the fail2ban script running
(not sure if I understood well) ? Anyway making it run while preserving some
disponibility of Trac ?
On Tue, May 10, 2016 at 03:20:37PM +0200, Markus Neteler wrote:
On Tue, May 10, 2016 at 3:05 PM, Markus Neteler <neteler@osgeo.org> wrote:
> On Tue, May 10, 2016 at 2:48 PM, Markus Neteler <neteler@osgeo.org> wrote:
>> Back in the office now - but still blocked!
>
> Indeed: again blocked. I just checked on trac:
>
> 2016-05-10 06:02:36,617 fail2ban.actions: WARNING [osgeo-trac-auth]
> Ban 217.86.229.XXX
>
> So I cannot even authenticate at time.
Since I wanted to continue, I have now whitelisted my IP
Approved
Anyway, the 'osgeo-trac-auth' ban doesn't have to do with reloads
or excessive requests, but with authentication failures. Check out
the rule, and let me know if you think it needs to be tweaked.
On Tue, May 10, 2016 at 03:48:54PM +0200, Even Rouault wrote:
Le lundi 09 mai 2016 00:17:32, Even Rouault a écrit :
> Hi,
>
> I'm seeing http://svn.osgeo.org/ or http://trac.osgeo.org/ not responding,
> at least not reliably enough to be able to file a SAC ticket Confirmed
> from someone from the US, so not an issue at my end.
http://trac.osgeo.org/ has started again being unresponsive since
approximately 10 minutes.
Sandro seemed to suggest this might be due to to the fail2ban script running
(not sure if I understood well) ? Anyway making it run while preserving some
disponibility of Trac ?
My hypotesis was that your IP got cought by fail2ban, which would result
in a 10 minutes ban (if found failing more than an authentication) or in
a 15 minutes ban (if found to be making more than 30 requests in one
minute). If this is the case, the TCP packets would be dropped so you
would never get a response within the ban timeframe.
I could dig more if you gave me the IP you are coming from.
Le mardi 10 mai 2016 18:17:24, Sandro Santilli a écrit :
On Tue, May 10, 2016 at 03:48:54PM +0200, Even Rouault wrote:
> Le lundi 09 mai 2016 00:17:32, Even Rouault a écrit :
> > Hi,
> >
> > I'm seeing http://svn.osgeo.org/ or http://trac.osgeo.org/ not
> > responding, at least not reliably enough to be able to file a SAC
> > ticket Confirmed from someone from the US, so not an issue at my
> > end.
>
> http://trac.osgeo.org/ has started again being unresponsive since
> approximately 10 minutes.
> Sandro seemed to suggest this might be due to to the fail2ban script
> running (not sure if I understood well) ? Anyway making it run while
> preserving some disponibility of Trac ?
My hypotesis was that your IP got cought by fail2ban, which would result
in a 10 minutes ban (if found failing more than an authentication) or in
a 15 minutes ban (if found to be making more than 30 requests in one
minute). If this is the case, the TCP packets would be dropped so you
would never get a response within the ban timeframe.
I could dig more if you gave me the IP you are coming from.
(off-list response to avoid my ip being too widespreadly known)
My IP (fixed) : 88.162.84.61
Could you white-list it ?
Le mardi 10 mai 2016 18:17:24, Sandro Santilli a écrit :
On Tue, May 10, 2016 at 03:48:54PM +0200, Even Rouault wrote:
> Le lundi 09 mai 2016 00:17:32, Even Rouault a écrit :
> > Hi,
> >
> > I'm seeing http://svn.osgeo.org/ or http://trac.osgeo.org/ not
> > responding, at least not reliably enough to be able to file a SAC
> > ticket Confirmed from someone from the US, so not an issue at my
> > end.
>
> http://trac.osgeo.org/ has started again being unresponsive since
> approximately 10 minutes.
> Sandro seemed to suggest this might be due to to the fail2ban script
> running (not sure if I understood well) ? Anyway making it run while
> preserving some disponibility of Trac ?
My hypotesis was that your IP got cought by fail2ban, which would result
in a 10 minutes ban (if found failing more than an authentication) or in
a 15 minutes ban (if found to be making more than 30 requests in one
minute). If this is the case, the TCP packets would be dropped so you
would never get a response within the ban timeframe.
That might probably be it. This restarted working, and right now I'm stuck
again (both Trac and SVN rejecting me)
This fail2ban mechanism seems to prevent legitimate uses. Yes, I do refresh
Trac or do svn operations a lot when working on GDAL.
I could dig more if you gave me the IP you are coming from.
(seing that my "off-list" attempt ended up on the list... anyway... )