Welcome to Soft32 Linux Forums!
FAQFAQ    SearchSearch      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Bug#400619: Default VirtualHosts for 2 of 3 security.debia..

  
   Soft32 Home -> Linux2 Arch -> Bugs Dist RSS
Next:  Bug#400615: mozilla-tabextensions: no close butto..  
Author Message
Daniel E. Markle

External


Since: Nov 27, 2006
Posts: 4



(Msg. 1) Posted: Mon Nov 27, 2006 1:00 pm
Post subject: Bug#400619: Default VirtualHosts for 2 of 3 security.debian.org Mirrors Useless
Archived from groups: linux>debian>bugs>dist (more info?)
Package: security.debian.org

A dig on the security.debian.org mirrors returns three results:

security.debian.org. 300 IN A 212.211.132.32
security.debian.org. 300 IN A 212.211.132.250
security.debian.org. 300 IN A 128.101.240.212

If you browse to the IP addresses, two of them return the Debian
default configuration page instead of a sensible default page (
http://212.211.132.32 and http://212.211.132.250 ). One of them (
http://128.101.240.212 ) returns a sensible website and allows access
to http://128.101.240.212/debian-security/ (which is useful when using
apt via a port forwarded connection to a box with no DNS access, for
example).

Fixing this should be rather easy; just change the default virtualhost
from the useless placeholder page to the same useful website as
128.101.240.212.


--
To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST.DeleteThis@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster.DeleteThis@lists.debian.org
Back to top
Login to vote
Martin Schulze

External


Since: Jan 18, 2006
Posts: 69



(Msg. 2) Posted: Mon Nov 27, 2006 2:20 pm
Post subject: Bug#400619: Default VirtualHosts for 2 of 3 security.debian.org Mirrors Useless [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Daniel E. Markle wrote:
> Package: security.debian.org
>
> A dig on the security.debian.org mirrors returns three results:
>
> security.debian.org. 300 IN A 212.211.132.32
> security.debian.org. 300 IN A 212.211.132.250
> security.debian.org. 300 IN A 128.101.240.212
>
> If you browse to the IP addresses, two of them return the Debian
> default configuration page instead of a sensible default page (
> http://212.211.132.32 and http://212.211.132.250 ). One of them (
> http://128.101.240.212 ) returns a sensible website and allows access
> to http://128.101.240.212/debian-security/ (which is useful when using
> apt via a port forwarded connection to a box with no DNS access, for
> example).

I'd just say that this is not a supported way to access the
Debian archive. Use ftp or rsync instead.

Regards,

Joey

--
Given enough thrust pigs will fly, but it's not necessarily a good idea.

Please always Cc to me when replying to me on the lists.


--
To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST DeleteThis @lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster DeleteThis @lists.debian.org
Back to top
Login to vote
Daniel E. Markle

External


Since: Nov 27, 2006
Posts: 4



(Msg. 3) Posted: Mon Nov 27, 2006 5:10 pm
Post subject: Bug#400619: Default VirtualHosts for 2 of 3 security.debian.org Mirrors Useless [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Quoting Martin Schulze <joey.RemoveThis@infodrom.org>:
> I'd just say that this is not a supported way to access the
> Debian archive. Use ftp or rsync instead.

There are a couple of issues I have with that answer.

What is the value of having useless stock distribution default virtual
hosts? Is having them point to something useful not worthwhile for
some reason?

As a consistency issue, trying to use SSH port forwarding to access
the Debian security archive via http will mysteriously fail about 2 of
3 times. This is annoying and takes time to troubleshoot; preferably
it should always work or always fail.

Why would you want to SSH port forward instead of just connecting
directly to the archive? When using machines in a locked down DMZ,
there is value in having a machine that can't reach the outside as it
can't be used as a zombie if exploited.

For the same reasons Debian doesn't mirror the security archive on
outside machines, having a cache of the archive and using that as a
workaround has its own issues. Port forwarding ftp can be a pita, and
rsync has its own world of issues, including increased load on both
Debian's and my servers.
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Bug#402689: mediawiki installs to all VirtualHosts - Package: mediawiki Version: 1:1.7 Severity: important On installation, mediawiki sym-links from..

Bug#411809: Security: default configuration allows unrestr.. - Package: ntp Version: 1:4.2.2.p4+dfsg-1 Severity: important $ ntpdc ntpdc> reslist ... :: :: ...

Bug#358651: Default menu.lst is world-readable (maybe a se.. - Hi. As reported, the default permissions of menu.lst, allow any user to see the contents of the file. Since it's..

Bug#410588: amavisd-new: Please disable all contrib/non-fr.. - Package: amavisd-new Severity: normal Tags: security As far as I can see, amavisd-new uses several contrib and..

Bug#411256: Default build.conf doesn't match default stric.. - Package: selinux-policy-refpolicy-src Version: 0.0.20061018-3 Severity: normal The build.conf included in the referenc...

Bug#400111: Please ship a nice featureful status line enab.. - Package: screen Severity: wishlist < me on #debian-devel> wouldn't it be cool if GNU Screen shipped with a trick...
       Soft32 Home -> Linux2 Arch -> Bugs Dist All times are: Pacific Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Categories:
 Windows
 Linux
 Mac
 PDA

[ Contact us | Terms of Service/Privacy Policy ]