Thanks for the explanation. I had never had this issue for years, my guess is we have more .htaccess files being created and accessed in afs. After researching when a .htaccess file is encountered, the server then traverses up the file system looking for .htacces files in all parent directories. By default apache configures / with "AllowOverride None" which tells the server .htaccess is not allowed and don't traverse. I added /afs and our cell as show below, no need to look for .htaccess in these top level directories.
# Each directory to which Apache has access can be configured with respect # to which services and features are allowed and/or disabled in that # directory (and its subdirectories). # # First, we configure the "default" to be a very restrictive set of # features. # <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /afs> AllowOverride None </Directory> <Directory /afs/cs.unc.edu> AllowOverride None </Directory> <Directory /afs/.cs.unc.edu> AllowOverride None </Directory> On Thu, Nov 8, 2018 at 3:42 PM Jeffrey Altman <jalt...@auristor.com> wrote: > > On 11/8/2018 12:22 PM, John Sopko wrote:> > > I am running afsd with: > > > > /usr/vice/etc/afsd -dynroot -fakestat-all -afsdb > > -dynroot > > do not mount a root.afs volume. instead populate the /afs directory > with the results of cell lookups > > -afsdb > > if the requested name does not match a cell found in the CellServDB > file, query DNS first for SRV records and if no match, then AFSDB > records > > Note that default RHEL6 configuration for the DNS resolver does not > cache negative DNS results. > > An attempt to open /afs/.htaccess therefore results in DNS queries for > "htaccess" plus whatever domains are in the search list. If the search > list is cs.unc.edu and unc.edu then for each access there will be the > following DNS queries > > SRV _afs3-vlserver._udp.htaccess.cs.unc.edu > SRV _afs3-vlserver._udp.unc.edu > AFSDB htaccess.cs.unc.edu > AFSDB htaccess.unc.edu > > You can add a dummy htaccess.cs.unc.edu entry to CellServDB. You can > add a blacklist for that name. You can stop using -afsdb or you can > stop using -dynroot and rely upon a locally managed root.afs volume. > > Jeffrey Altman > > > > -- John W. Sopko Jr. University of North Carolina Computer Science Dept CB 3175 Chapel Hill, NC 27599-3175 Fred Brooks Building; Room 140 Computer Services Systems Specialist email: sopko AT cs.unc.edu phone: 919-590-6144 _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info