All,
I've been running 0.8.1 in production since shortly after its release. Ever since moving from 0.7.2, my Apache logs are being flooded with "403 Forbidden" errors. A typical example is:
2xx.xx.xxx.xx - - [01/Oct/2012:06:24:22 -0700] "GET /webmail/?_task=mail&_action=keep-alive&_remote=1&_unlock=0&_=1349097860835 HTTP/1.1" 403 15
Any ideas what might be going on here? Of how to deal with it?
Environment: RHEL5, Apache 2.2.3, PHP 5.3
I've actually been seeing the same thing in 0.8.0 and was wondering if 0.8.1 fixes the issue. I guess not.
I (also) haven't been able to dig too far in to it but I can usually get the client to stop flooding us with requests by deleting the session for that client's IP address in the sessions table in the roundcube database. Anecdotally it seems like there's a lot of repeat offenders: a small number of users/client IPs generating most of the 403s. I personally suspect something strange on their machines but I haven't been able to recreate the problem myself to really investigate well.
We're RHEL6.3, Lighttpd 1.4.31, php 5.3.3 (fastcgi), dovecot 2.1.9. Plugins: 'login_info', 'newmail_notifier', 'quickrules', 'cas_authn_opt', 'messagesize', 'sieverules', 'listcommands', 'contextmenu', 'copymessage', 'emoticons', 'vcard_attachments', 'new_user_dialog', 'dovecot_impersonate', 'help', 'vcard_attach'.
David Warden
On Oct 1, 2012, at 11:47 AM, Arne Berglund aberglund@lesd.k12.or.us wrote:
All,
I've been running 0.8.1 in production since shortly after its release. Ever since moving from 0.7.2, my Apache logs are being flooded with "403 Forbidden" errors. A typical example is:
2xx.xx.xxx.xx - - [01/Oct/2012:06:24:22 -0700] "GET /webmail/?_task=mail&_action=keep-alive&_remote=1&_unlock=0&_=1349097860835 HTTP/1.1" 403 15
Any ideas what might be going on here? Of how to deal with it?
Environment: RHEL5, Apache 2.2.3, PHP 5.3
-- Arne Berglund System Administrator, Internet Services Lane Education Service District Eugene, OR ____________
Roundcube Users mailing list users@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/users
We have a similar thing happening on one of our busiest servers.
tail -n 6000 /var/log/httpd/access_log |cut -f1 -d' ' |sort |uniq -c |sort -n
on our CentOS server seems to indicate one or two users have 1,000s of connections at once. Approximately up to 50 a second.
Is this a javascript bug somewhere in roundcube, or what's causing it?
More importantly, what's the long term fix? Logging into the server and kicking the problem subscriber(s) is not tenable in the long term.
-- View this message in context: http://roundcube-webmail.10982.n7.nabble.com/Apache-403-Forbidden-issues-in-... Sent from the Users mailing list archive at Nabble.com.
On 2013-05-24 13:34, crhylove wrote:
We have a similar thing happening on one of our busiest servers.
tail -n 6000 /var/log/httpd/access_log |cut -f1 -d' ' |sort |uniq -c |sort -n
on our CentOS server seems to indicate one or two users have 1,000s of connections at once. Approximately up to 50 a second.
Is this a javascript bug somewhere in roundcube, or what's causing it?
More importantly, what's the long term fix? Logging into the server and kicking the problem subscriber(s) is not tenable in the long term.
It may be too early to say for certain, but I upgraded from 0.8.6 to 0.9.1 earlier this week, and that seems to have almost eliminated those log entries.
-- Arne Berglund System Administrator, Internet Services Lane Education Service District Eugene, OR ____________
On 05/24/2013 10:59 PM, Arne Berglund wrote:
It may be too early to say for certain, but I upgraded from 0.8.6 to 0.9.1 earlier this week, and that seems to have almost eliminated those log entries.
This was fixed in 0.8.3
- Fix possible HTTP DoS on error in keep-alive requests (#1488782)
-
A.L.E.C -
Arne Berglund -
crhylove -
David Warden