El jue, 23 de sep. de 2021 a la(s) 19:31, Aleix Pol (aleixpol@kde.org) escr= ibi=C3=B3: > > On Thu, Sep 23, 2021 at 10:12 PM Nicol=C3=A1s Alvarez > wrote: > > > > El jue, 23 de sep. de 2021 a la(s) 08:55, Aleix Pol (aleixpol@kde.org) = escribi=C3=B3: > > > > > > On Thu, Sep 23, 2021 at 11:52 AM Ben Cooksley wro= te: > > > > > > > > Hi all, > > > > > > > > It has recently come to our attention that the number of queries be= ing handled for the endpoint https://autoconfig.kde.org/ocs/providers.xml o= n a day to day basis has gotten to the point where it is causing issues wit= h server responsiveness to other traffic. This is perhaps best summarised b= y the following: > > > > > > > > root@nicoda /var/log/apache2 # ls -lah ... > > > > -rw-r----- 1 root adm 458M Sep 23 06:25 autoconfig.kde.org.log.1 > > > > -rw-r----- 1 root adm 381M Sep 23 06:25 networkcheck.kde.org.log.1 > > > > -rw-r----- 1 root adm 143M Sep 23 06:25 www.kde.org.log.1 > > > > > > > > root@nicoda /var/log/apache2 # cat autoconfig.kde.org.log.1 | wc -l > > > > 4,222,343 > > > > > > > > Based on those numbers we're looking at 48-49 requests per second (= on average - peaks are much higher by many magnitudes), which seems extreme= ly excessive given that this file is only supposed to be retrieved by KDE s= oftware when GHNS functionality is triggered. That is supported by the subs= tantial size difference it has over networkcheck.kde.org - which is used by= plasma-nm and NetworkManager (on Neon) to check for whether they have a wo= rking internet connection - which i'd expect to be the site receiving the m= ost traffic. > > > > > > > > As such, I therefore suspect we have bug(s) in software that makes = use of GHNS functionality. > > > > > > > > It would therefore be appreciated if we could please review the sof= tware in question to determine whether it is operating correctly. Given tha= t it usually runs in the background on user systems, i'd especially appreci= ate it if a detailed review could be conducted on Discover and other softwa= re that conducts package management operations or assists in managing updat= es. > > > > > > > > Unfortunately all these applications submit a fairly useless user a= gent (Mozilla/5.0) so it is impossible for Sysadmin to ascertain any furthe= r information. If we could get information on the software that is originat= ing the request added to the user agent to assist in investigating these is= sues in the future that would be extremely helpful. > > > > > > > > Thanks, > > > > Ben > > > > > > That's correct. Discover fetches them at startup. It's necessary to b= e > > > able to check if there are updates on KNS-provided resources. > > > > > > Incidentally, I was looking into this yesterday incidentally. We > > > could see if caching is broken somehow. A request will still be neede= d > > > though to check if the cache is out of date. > > > > Caching seems to be working, since the vast majority of the requests > > are returning 304 Not Modified. > > > > However in *many* cases I see a single IP making multiple requests in > > the same second, and doing it again the next minute. Here's one IP > > address picked randomly: > > > > [22/Sep/2021:06:25:41 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:25:41 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:25:41 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:25:41 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:27:57 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:27:58 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:27:58 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:28:32 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:28:32 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:28:32 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:28:32 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:28:59 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:28:59 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:28:59 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:28:59 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:30:11 +0000] "GET /ocs/providers.xml HTTP/1.1" 200 > > [22/Sep/2021:06:30:11 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:30:11 +0000] "GET /ocs/providers.xml HTTP/1.1" 200 > > [22/Sep/2021:06:30:38 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:30:38 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:30:38 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:30:38 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:31:19 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:31:19 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:31:19 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:31:19 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:31:38 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:31:38 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:31:38 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > [22/Sep/2021:06:31:38 +0000] "GET /ocs/providers.xml HTTP/1.1" 304 > > > > This continues for hours. And it's not an isolated case; again, the IP > > I searched for was a random one from the log. > > > > There are 120 IP addresses that *each* made more than 10,000 requests > > in a 24h period. > > > > I tried a few GHNS things on my own system and I couldn't reproduce it.= .. > > > > -- > > Nicol=C3=A1s > > Is there a possibilty that we can get an UserAgent of something like > that to see who's asking? Yes please :P (all requests to this file currently have "Mozilla/5.0" as the User-Agent, I very much welcome modifying the code so that it sends something useful instead) --=20 Nicol=C3=A1s