[Support-mirrors] mirror setup questions

Vince Hoang vince at litrium.com
Tue Jan 17 14:32:47 EST 2006

I am interested in helping mirroring RubyForge. I like the idea
of using a mirror master to offloa the bandwidth requirements to
a faster host, but would greatly prefer pulling the mirror than
having it pushed.

With the current URL schema of
http://mirror/projectname/filename, would I need to setup a
separate virtual host for it, rather than use something like

Lastly, I believe the documented rsync setup leaves the
mirror vulnerable to malicious behavior. The 'hosts allow'
option should only list IP addresses. If I know the contents
of the rsync.secret file, I can resolve my IP address to
rubyforge.lauschmusik.de and overwrite the contents of any mirror
that uses the listed configuration:

     path = /var/www/rubyforge/htdocs
     auth users = rubyforge
     secrets file = /var/www/rubyforge/etc/rsync.secrets
     hosts allow = rubyforge.lauschmusik.de
     hosts deny = *


More information about the Support-mirrors mailing list