This site uses Fedora Core 6 and Apache. Fedora is constantly being tightened up to make installations as secure as possible. This includes distros that have Apache security rules as "protective" as is seen to be sensible in the context of known threats to systems. This project has suffered in recent times from DoS, DDoS and hack attempts. It has survived so far, although bandwidth in particular was affected.
On the basis of the above you can expect this project to be the last to relax security. Indeed it will tighten and tighten wherever it can as part of its brief to improve BOINC projects per se. Having said this, there are many stats sites and uptime/availability sites that want legitimate access but their adherence to HTTP protocols is unacceptable. This results in Apache throwing its teddy bear out and shouting Error 406 quite often. This just fills the logs and hides away the attempts by real hackers trying to subvert the servers.
Below I have posted a tried and tested PHP 5 code snippet that opens stats files without causing a crisis for Apache. It is requested that all users of data from this system use "at least" this approach as it creates an acceptable set of HTTP headers. Ideally the Request-Method, Request-URI and Request-Version would be accompanied by the headers User-Agent, Accept, Accept-Encoding and Content-Type. The extent to which coders will be able to respond to this will vary from programming language to language. But please at least a User-Agent.
$url = "http://neuron.mine.nu/stats/tables.xml";

// Build an HTTP context so the request carries a proper header set
$opts = array(
    'http' => array(
        'method' => "GET",
        'header' => "Accept-language: en\r\n" .
                    "Accept: */*\r\n" .
                    "Pragma: no-cache\r\n" .          /* HTTP 1.0 compat */
                    "Cache-Control: no-cache\r\n" .   /* every header line must end with CRLF */
                    "User-Agent: BOINC Stats-Uptime-Client Stats-Request BOINCUK.COM\r\n"
    )
);
$context = stream_context_create($opts);

// Open the stats file with that context; stop if the server cannot be reached
$fpi = @fopen($url, "r", false, $context)
    or die("Unable to open remote server tables file - " . $url . " \n");
It is unclear what uptime & scheduler status measuring sites do to obtain their information. Packet traces show some do an HTTP GET and leave the rest of the HTTP headers absent. Others are better than this and provide enough to be able to respond to. This absence of headers causes an Error 406. The minimum needed with the GET shown above, irrespective of what you are seeking to access, is Accept-Language and User-Agent. The main reason for an Error 406 is that the User-Agent header is missing. So please can you include this in your code.
In respect of User-Agent it is noted that BOINC core client uses the User-Agent: BOINC client. BOINCstats BAM is used by an account manager. BOINC Stats-Uptime Request BOINCUK.COM is in use for stats from the BOINCUK team. It is, as a server admin, desirable to know what agents are in use. Perhaps as you make any changes to your code you might consider the above examples and model yours along the following lines:

Field 1 -> "BOINC"
Field 2 -> "Client name" e.g. core client
Field 3 -> "Function" e.g. stats-request or RSS-feed-request
Field 4 -> "Your organisation" e.g. BOINCUK.COM
To give developers time I have relaxed the particular mod_security rule to allow through requests without a User-Agent. This WILL be closed off again.

Thanks
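For the server side of this request, an added example (not code from this project): a Python script that sorts Apache access-log entries by whether the User-Agent is missing, follows the four-field convention above, or is something else, so an admin can see which hosts still need to change before the rule is closed off again. It assumes the server writes Apache's "combined" log format; the sample lines and addresses are constructed.

```python
import re
from collections import Counter

# Assumed "combined" format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)

def classify_agent(agent):
    """Return 'missing', 'convention' or 'other' for a logged User-Agent."""
    agent = agent.strip()
    if agent in ("", "-"):  # Apache logs an absent header as "-"
        return "missing"
    fields = agent.split()
    # Convention from the post: BOINC, client name, function, organisation
    if len(fields) == 4 and fields[0] == "BOINC":
        return "convention"
    return "other"

def summarise(lines):
    """Tally (agent class, status) pairs and count requests per host with no User-Agent."""
    tally, no_agent_hosts, unparsed = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:  # not combined format: count it instead of guessing
            unparsed += 1
            continue
        kind = classify_agent(m.group("agent"))
        tally[(kind, int(m.group("status")))] += 1
        if kind == "missing":
            no_agent_hosts[m.group("host")] += 1
    return tally, no_agent_hosts, unparsed

# Constructed sample lines (documentation addresses, not real traffic)
SAMPLE_LOG = """\
192.0.2.10 - - [01/Mar/2007:10:00:01 +0000] "GET /stats/tables.xml HTTP/1.0" 406 312 "-" "-"
192.0.2.10 - - [01/Mar/2007:10:05:01 +0000] "GET /stats/tables.xml HTTP/1.0" 406 312 "-" "-"
198.51.100.7 - - [01/Mar/2007:10:00:09 +0000] "GET /stats/tables.xml HTTP/1.1" 200 5120 "-" "BOINC Stats-Uptime-Client Stats-Request BOINCUK.COM"
203.0.113.4 - - [01/Mar/2007:10:01:30 +0000] "GET /stats/tables.xml HTTP/1.1" 200 5120 "-" "BOINCstats BAM"
this line is not in combined format
""".splitlines()

if __name__ == "__main__":
    tally, hosts, unparsed = summarise(SAMPLE_LOG)
    for (kind, status), n in sorted(tally.items()):
        print(f"{kind:<10} {status} {n}")
    print("hosts without User-Agent:", dict(hosts), "unparsed:", unparsed)
```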