www-mirrors mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Karsten W. Rohrbach" <rohrb...@nacamar.net>
Subject Re: some updates
Date Fri, 13 Jun 1997 11:25:07 GMT
On Thu, 12 Jun 1997, Brian Behlendorf wrote:

(...deletia...)
> 
> This of course has some interesting ramifications:
> 
> 1) We will now be running CGI scripts on mirror sites.  Previously all CGI
> scripts, such as the search field and bug database, had an explicit link
> back to www.apache.org.  These CGI scripts only rely upon perl 4 (or 5)
> being at "/usr/local/bin/perl".  Is this a problem?
i think it is, since bofh's like me like to produce the security loopholes
on their own =) no, serously, i wont allow cgi stuff on my system when
mirroring via ftp from another site. the impact of having a hacked script
transferred to www.apache.org infesting all of the mirrors make
www.apache.org a primary target for those wannabe-crackers out there, so i
would propose to have a http://cgi.apache.org with bugdb and every other
cgi stuff on it.

> 
> 2) Sites which pull down their content via ProxyPass will not have
> dynamically generated mirror pages, though they should be cacheable.
anyway, shouldnt proxy systems bailout from the cache procedure when they
encounter a ? or & in the url? i think this is standard since a while
(squid/harvest cached do it this way)

> 
> 
> There may be more issues brought up by this than I anticipated - let's
> discuss them here.  Thanks again to everyone for providing mirror sites,
> hopefully the storm will die down soon.

try to randomize download locations on dns basis (dns round robin) for the
different locations in the net topology.

like having the following:
download.us.apache.org for the us
download.eu.apache.org for europe

i think we can learn a lot from the freebsd mirroring strategy in this
point, they dont have dns round robin but this is a point which would
render the traffic occurance a little nicer.

> 
> 	Brian
> 
> --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
> brian@hyperreal.com     http://www.apache.org     http://www.organic.com/jobs
> 

With best regards,
Karsten W. Rohrbach

-- 
Nuclear war can ruin your whole compile. (Karl Lehenbauer)
-> http://www.webmonster.de
-> http://www.nacamar.de
-> http://www.quakeforum.de
-> http://www.apache.de


Mime
View raw message