Forum: Ruby on Rails Random (connections.c.1330) error-handler not found: /dispat

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
531eb73f8fbf05a197721d02b4e6aadb?d=identicon&s=25 Bogdan Ionescu (Guest)
on 2006-02-02 13:17
(Received via mailing list)
Hello,

Again another random occurance of a problem.
lighttpd.error.log contains lines like:
2006-02-02 05:02:00: (connections.c.1330) error-handler not found:
/dispatch.fcgi
2006-02-02 05:02:00: (connections.c.1330) error-handler not found:
/dispatch.fcgi
2006-02-02 05:02:00: (connections.c.1330) error-handler not found:
/dispatch.fcgi
2006-02-02 05:35:08: (connections.c.1330) error-handler not found:
/dispatch.fcgi
2006-02-02 06:23:35: (connections.c.1330) error-handler not found:
/dispatch.fcgi
2006-02-02 06:24:15: (connections.c.1330) error-handler not found:
/dispatch.fcgi

The application works fine for the most part and the above errors
appears in
some undetected cases.
I was able to see it once on a perfectly normal page; it appears however
to
happen to some other users.
It appears that every once in a while it goes bezerk and then it
recovers.
For instance from 2006-02-02 05:01:56: to 2006-02-02 05:02:00: there
were
about 100 such errors in a row.
Then I guess it resumed its normal operations and there are 3 more
'orphan'
errors (the last 3 you see)

Has anyone seen this before?
My project is on a debian dedicated server, using rails 1.0

Below is my lighttp.conf file:

server.port = 80

server.modules           = ( "mod_rewrite", "mod_accesslog",
"mod_fastcgi" )
server.error-handler-404 = "/dispatch.fcgi"
server.document-root     = "/home/avirtual/railsData/public/"
server.username            = "avirtual"
server.groupname           = "avirtual"
server.errorlog          =
"/home/avirtual/railsData/log/lighttpd.error.log"
accesslog.filename       =
"/home/avirtual/railsData/log/lighttpd.access.log"

url.rewrite              = ( "^/$" => "index.html", "^([^.]+)$" =>
"$1.html"
)

fastcgi.server = ( ".fcgi" =>
  ( "localhost" =>
      (
        "min-procs" => 5,
        "max-procs" => 10,
        "socket"    => "/home/avirtual/railsData/log/fcgi.socket",
        "bin-path"  => "/home/avirtual/railsData/public/dispatch.fcgi",
        "bin-environment" => ( "RAILS_ENV" => "production" )
      )
  )
)

mimetype.assign = (
  ".css"        =>  "text/css",
  ".gif"        =>  "image/gif",
  ".htm"        =>  "text/html",
  ".html"       =>  "text/html",
  ".jpeg"       =>  "image/jpeg",
  ".jpg"        =>  "image/jpeg",
  ".js"         =>  "text/javascript",
  ".png"        =>  "image/png",
  ".swf"        =>  "application/x-shockwave-flash",
  ".txt"        =>  "text/plain"
)
531eb73f8fbf05a197721d02b4e6aadb?d=identicon&s=25 Bogdan Ionescu (Guest)
on 2006-02-02 14:32
(Received via mailing list)
It appears that the explanation is that exactly at the same time someone
from 200.169.164.242 accessed my site 600 times in 4 seconds.
This is not a rails problem, but is this common?
I've moved my site on a new server on 31th Jan, and there have already
been
3 such attacks (and I haven't finished parsing the production.log file
yet)
What is the common reaction in such cases?

Bogdan
Ad7805c9fcc1f13efc6ed11251a6c4d2?d=identicon&s=25 Alex Young (Guest)
on 2006-02-02 14:50
(Received via mailing list)
Bogdan Ionescu wrote:
> It appears that the explanation is that exactly at the same time someone
> from 200.169.164.242 <http://200.169.164.242> accessed my site 600 times
> in 4 seconds.
> This is not a rails problem, but is this common?
> I've moved my site on a new server on 31th Jan, and there have already
> been 3 such attacks (and I haven't finished parsing the production.log
> file yet)
> What is the common reaction in such cases?
Drop them at the firewall.  Failing that:

$HTTP["remoteip"] == "200.169.164.242" {
   url.access-deny = ( "" )
}

Or something along those lines...
531eb73f8fbf05a197721d02b4e6aadb?d=identicon&s=25 Bogdan Ionescu (Guest)
on 2006-02-02 15:05
(Received via mailing list)
Well, I meant more like reporting them, than adding one ip at a time in
the
firewall.
Is there a way to configure lighttpd, apache or even the firewall to
discard
repeated requests from the same ip?
I can't think of any case that would require a certain ip to access your
server several hundread times during a few seconds
Ad7805c9fcc1f13efc6ed11251a6c4d2?d=identicon&s=25 Alex Young (Guest)
on 2006-02-02 15:48
(Received via mailing list)
Bogdan Ionescu wrote:
> Well, I meant more like reporting them, than adding one ip at a time in
> the firewall.
> Is there a way to configure lighttpd, apache or even the firewall to
> discard repeated requests from the same ip?
> I can't think of any case that would require a certain ip to access your
> server several hundread times during a few seconds
Apache's got mod_throttle, but I don't know about lighttpd...
This topic is locked and can not be replied to.