Random (connections.c.1330) error-handler not found: /dispat

Rails
1

Hello,

Again another random occurance of a problem.
lighttpd.error.log contains lines like:
2006-02-02 05:02:00: (connections.c.1330) error-handler not found:
/dispatch.fcgi
2006-02-02 05:02:00: (connections.c.1330) error-handler not found:
/dispatch.fcgi
2006-02-02 05:02:00: (connections.c.1330) error-handler not found:
/dispatch.fcgi
2006-02-02 05:35:08: (connections.c.1330) error-handler not found:
/dispatch.fcgi
2006-02-02 06:23:35: (connections.c.1330) error-handler not found:
/dispatch.fcgi
2006-02-02 06:24:15: (connections.c.1330) error-handler not found:
/dispatch.fcgi

The application works fine for the most part and the above errors
appears in
some undetected cases.
I was able to see it once on a perfectly normal page; it appears however
to
happen to some other users.
It appears that every once in a while it goes bezerk and then it
recovers.
For instance from 2006-02-02 05:01:56: to 2006-02-02 05:02:00: there
were
about 100 such errors in a row.
Then I guess it resumed its normal operations and there are 3 more
‘orphan’
errors (the last 3 you see)

Has anyone seen this before?
My project is on a debian dedicated server, using rails 1.0

Below is my lighttp.conf file:

server.port = 80

server.modules = ( “mod_rewrite”, “mod_accesslog”,
“mod_fastcgi” )
server.error-handler-404 = “/dispatch.fcgi”
server.document-root = “/home/avirtual/railsData/public/”
server.username = “avirtual”
server.groupname = “avirtual”
server.errorlog =
“/home/avirtual/railsData/log/lighttpd.error.log”
accesslog.filename =
“/home/avirtual/railsData/log/lighttpd.access.log”

url.rewrite = ( “^/$” => “index.html”, “^([^.]+)$” =>
“$1.html”
)

fastcgi.server = ( “.fcgi” =>
( “localhost” =>
(
“min-procs” => 5,
“max-procs” => 10,
“socket” => “/home/avirtual/railsData/log/fcgi.socket”,
“bin-path” => “/home/avirtual/railsData/public/dispatch.fcgi”,
“bin-environment” => ( “RAILS_ENV” => “production” )
)
)
)

mimetype.assign = (
“.css” => “text/css”,
“.gif” => “image/gif”,
“.htm” => “text/html”,
“.html” => “text/html”,
“.jpeg” => “image/jpeg”,
“.jpg” => “image/jpeg”,
“.js” => “text/javascript”,
“.png” => “image/png”,
“.swf” => “application/x-shockwave-flash”,
“.txt” => “text/plain”
)

2

It appears that the explanation is that exactly at the same time someone
from 200.169.164.242 accessed my site 600 times in 4 seconds.
This is not a rails problem, but is this common?
I’ve moved my site on a new server on 31th Jan, and there have already
been
3 such attacks (and I haven’t finished parsing the production.log file
yet)
What is the common reaction in such cases?

Bogdan

3

Bogdan I. wrote:

It appears that the explanation is that exactly at the same time someone
from 200.169.164.242 http://200.169.164.242 accessed my site 600 times
in 4 seconds.
This is not a rails problem, but is this common?
I’ve moved my site on a new server on 31th Jan, and there have already
been 3 such attacks (and I haven’t finished parsing the production.log
file yet)
What is the common reaction in such cases?
Drop them at the firewall. Failing that:

$HTTP[“remoteip”] == “200.169.164.242” {
url.access-deny = ( “” )
}

Or something along those lines…

4

Well, I meant more like reporting them, than adding one ip at a time in
the
firewall.
Is there a way to configure lighttpd, apache or even the firewall to
discard
repeated requests from the same ip?
I can’t think of any case that would require a certain ip to access your
server several hundread times during a few seconds

5

Bogdan I. wrote:

Well, I meant more like reporting them, than adding one ip at a time in
the firewall.
Is there a way to configure lighttpd, apache or even the firewall to
discard repeated requests from the same ip?
I can’t think of any case that would require a certain ip to access your
server several hundread times during a few seconds
Apache’s got mod_throttle, but I don’t know about lighttpd…