Bug #17001

Backwards-compatibility redirection for localized Atom security feed only works in French

Added by sajolida 2019-08-28 15:09:56 . Updated 2019-08-30 10:02:41 .

Status:
Confirmed
Priority:
Low
Assignee:
Category:
Target version:
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Sysadmin
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

Our download stats are using the following regexp, cf. puppet-tails.git:files/website/tails-website-last-month-stats:

"/${LAST_MONTH_ABBR}/.*\"GET /security/index\.[a-z]{2}\.atom HTTP/[0-9]\.[0-9]\" 200 [0-9]+ \"-\" \"(-|libwww-perl/)" \

In the log of our website, only /security/index.en.atom correspond to a 200 result. All other languages are returning 301.

So I think that our download stats are counting only English sessions.

Did I miss something? If not, since when is this happening?

Also, I get a 404 when trying to fetch anything else than English (for example: https://tails.boum.org/security/index.ru.atom) so maybe the security check itself only works for English sessions. Note that in the logs I don’t see a 404 for each 301, but maybe the security check script doesn’t follow redirections.

Only sysadmins have access to our logs, so I’m assigning this issue for confirmation and triaging to intrigeri who’s the only sysadmin in the foundations team.


Subtasks


History

#1 Updated by intrigeri 2019-08-29 07:33:46

  • Subject changed from Download stats are counting only English sessions to Boot stats are counting only English sessions

#2 Updated by intrigeri 2019-08-29 07:50:34

  • Status changed from New to Confirmed

> In the log of our website, only /security/index.en.atom correspond to a 200 result. All other languages are returning 301.
> So I think that our download stats are counting only English sessions.

Nope, it is on purpose that we’re counting only 200 status codes:

  • tails-security-check first tries the URL corresponding to the current language, and if that fails, it tries the English URL. We’re counting only the later, which is correct.
  • For languages that our website supports, we’re supposed to redirect to the English version, which should result in a 200 hit, and we’re counting only that one, which is correct.

So I think the logic of this script is correct, assuming the web server does what we expect it to do: regardless of whether tails-security-check follows redirections, we’re counting 1 hit per boot.

But there’s a bug somewhere: the redirection works as intended for French, but for all the other supported languages I’ve tried (de, es, it) it redirects to a URL that gives a 404, while it should redirect to English. And indeed, the corresponding rewrite rule generated via our ERB template only supports French. I’ll investigate.

> Also, I get a 404 when trying to fetch anything else than English (for example: https://tails.boum.org/security/index.ru.atom)

404 is expected for any language that’s not supported by our website, and it’s fine.
404 should not happen for languages that are supported by our website, but it does, due to the aforementioned bug.

#3 Updated by intrigeri 2019-08-29 07:59:36

  • Subject changed from Boot stats are counting only English sessions to Boot stats are counting only English and French sessions
  • Target version set to Tails_3.16

#4 Updated by intrigeri 2019-08-29 08:13:51

  • Subject changed from Boot stats are counting only English and French sessions to Backwards-compatibility redirection for localized Atom security feed only works in French
  • Assignee deleted (intrigeri)
  • Priority changed from Normal to Low
  • Target version deleted (Tails_3.16)

intrigeri wrote:
> But there’s a bug somewhere: the redirection works as intended for French, but for all the other supported languages I’ve tried (de, es, it) it redirects to a URL that gives a 404, while it should redirect to English. And indeed, the corresponding rewrite rule generated via our ERB template only supports French. I’ll investigate.

The bug was introduced on 2018-11-10.

It does not affect our stats: tails-security-check will immediately retry in English after that failure, which results in a hit we do count.

We don’t even expose any /security/index.NN.atom URL for NN != en anywhere since our security advisories are not translated anymore, so I think that in practice, this bug only affects folks who had configured such a URL in their feed reader back when we advertised it. This has been broken since 9.5 months so I expect these folks, if they exist, to have since reconfigured their feed reader to point to the English version.

#5 Updated by sajolida 2019-08-30 10:02:41

> * tails-security-check first tries the URL corresponding to the current language, and if that fails, it tries the English URL. We’re counting only the later, which is correct.
> * For languages that our website supports, we’re supposed to redirect to the English version, which should result in a 200 hit, and we’re counting only that one, which is correct.

Ooook! Sorry for the noise then. And I should fix my stats to substract
the number of redirected non-English sessions to the count of English
sessions.