Closed Bug 587065 Opened 14 years ago Closed 13 years ago

Restrict requests to StAMN

Categories

(Infrastructure & Operations Graveyard :: WebOps: Other, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: clouserw, Assigned: oremj)


We've got StAMO acting as a proxy now (awesome), but if you load the front page it works:

https://static.addons.mozilla.org/en-US/firefox/

We should add some restrictions on this.  I think we can 403 or 404 any requests that don't match:

.*(gif|jpg|png|css|js|jsi18n)/?(\?[A-Za-z0-9=-]).*?

Someone double check that regex please.  Also, StAMO doesn't need to handle anything other than GET.

I just checked a request to StAMO and I'm still sending 8 cookies (most of them that __utm stuff) for each request.  One of the benefits of the CDN was less cookie traffic - perhaps we should be using static.addons.mozilla.net.

(In reply to comment #0)
> .*(gif|jpg|png|css|js|jsi18n)/?(\?[A-Za-z0-9=-]).*?

I don't think Apache looks at the query string.  If that's the case we could do

(gif|jpg|png|css|js|jsi18n)$
Assignee: server-ops → jeremy.orem+bugs
Does any of (gif|jpg|png|css|js|jsi18n) need the app code to function? If it doesn't I can create another vhost that doesn't run wsgi/php.
It needs app code.
Depends on: 590821
Severity: normal → enhancement
OS: Other → BSDI
Wanted to confirm the regex in comment 1 is really all we need. Can I do this whenever?
If we use this to serve addon icons, the regex will block them since we don't put a file extension on those requests.

https://addons.mozilla.org/en-US/firefox/images/addon_icon/1191/?modified=1290785704

(In reply to comment #6)
> If we use this to serve addon icons, the regex will block them since we don't
> put a file extension on those requests.
> 
> https://addons.mozilla.org/en-US/firefox/images/addon_icon/1191/?modified=1290785704

Andy is fixing those up in zamboni so they'll have .png in them.  I think the regex in comment 1 is fine.  I'd like to do it during a push; SAMO uses this site right now.  Can schedule for next Tuesday's push if you want.
OS: BSDI → All
We're slightly behind our code schedule so we aren't ready for this.  Please hold off for now.
Summary: Restrict requests to StAMO → Restrict requests to StAMN
Also, for the record, we'll want to allow _files too - I'll come up with a new regex soon
Blocks: 619403
Depends on: 621827
Assignee: jeremy.orem+bugs → clouserw
Any ETA here?  Can we close and reopen whenever ready?
I'll take it out of server ops if it'll help.  Will give it back soon.
Component: Server Operations: Web Content Push → Code Quality
Product: mozilla.org → addons.mozilla.org
QA Contact: mrz → code-quality
Target Milestone: --- → 5.12.7
Version: other → unspecified
Back to you guys.  There are two regexes that validate what we should serve off the CDN, so I think we'll need RewriteCond.  The regexes:


^/_files/
(css|gif|jpg|js|jsi18n|png|woff)/?$


Can you enable this filter on addons-cdn.allizom.org so we can make sure it works correctly?  Thanks.
Assignee: clouserw → server-ops
Component: Code Quality → Server Operations: Web Content Push
Product: addons.mozilla.org → mozilla.org
QA Contact: code-quality → mrz
Target Milestone: 5.12.7 → ---
Version: unspecified → other
Severity: enhancement → normal
Assignee: server-ops → jeremy.orem+bugs
Added this to PAMO:

    RewriteCond %{HTTP_HOST} ^addons-cdn.allizom.org$
    RewriteCond %{REQUEST_URI} !^/_files/.*$
    RewriteCond %{REQUEST_URI} !(css|gif|jpg|js|jsi18n|png|woff)/?$
    RewriteRule . - [F]

and this to NAMO:

    RewriteCond %{HTTP_HOST} ^addons-next-cdn.allizom.org$
    RewriteCond %{REQUEST_URI} !^/_files/.*$
    RewriteCond %{REQUEST_URI} !(css|gif|jpg|js|jsi18n|png|woff)/?$
    RewriteRule . - [F]
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
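
The check below is an added example, not part of the bug thread or the deployed configuration: it replays the RewriteCond logic quoted above against sample request targets so the allowlist can be verified before a push. The `STRICT_SUFFIX` pattern, the function names and the sample paths marked as constructed are assumptions.

```python
import re
from urllib.parse import urlsplit

# Patterns copied from the RewriteCond lines quoted in the bug.
CDN_HOST = re.compile(r"^addons-cdn.allizom.org$")
FILES_PREFIX = re.compile(r"^/_files/.*$")
STATIC_SUFFIX = re.compile(r"(css|gif|jpg|js|jsi18n|png|woff)/?$")
# Assumption, not from the bug: require a literal dot before file extensions
# and treat jsi18n as a path segment rather than an extension.
STRICT_SUFFIX = re.compile(r"(\.(css|gif|jpg|js|png|woff)|/jsi18n)/?$")

# The first two targets are paths of URLs quoted in the bug; the rest are constructed.
SAMPLES = [
    "/en-US/firefox/",
    "/en-US/firefox/images/addon_icon/1191/?modified=1290785704",
    "/media/css/main.css?build=abc123",
    "/en-US/firefox/jsi18n/",
    "/_files/1865/addon.xpi",
    "/en-US/firefox/search/nojs",
]


def is_forbidden(host, target, suffix=STATIC_SUFFIX):
    """Return True when the rule set would answer 403 ([F]) for this request."""
    # %{REQUEST_URI} in mod_rewrite excludes the query string, so drop it here.
    path = urlsplit(target).path
    if not CDN_HOST.search(host):
        return False  # host condition fails, so the rule never fires
    if FILES_PREFIX.search(path):
        return False  # allowed by the /_files/ prefix
    if suffix.search(path):
        return False  # allowed by the static-asset suffix
    return True


def evaluate(suffix=STATIC_SUFFIX, host="addons-cdn.allizom.org"):
    """Map each sample target to its forbidden/allowed decision."""
    return {target: is_forbidden(host, target, suffix) for target in SAMPLES}


if __name__ == "__main__":
    loose, strict = evaluate(STATIC_SUFFIX), evaluate(STRICT_SUFFIX)
    for target in SAMPLES:
        print(f"{target:62} deployed={'403' if loose[target] else 'ok':3} "
              f"strict={'403' if strict[target] else 'ok'}")
```

The last sample is the one to look at: the deployed suffix pattern has no dot before the extension, so any path that merely ends in one of the listed strings passes through to the app.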
Accidentally closed. I'm not sure if you want to reopen until we do this in production or just leave it closed and add to a push bug.
Closed is fine.  I'll plan on pushing next thurs (9 days)
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard