Re: [Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80

From:	Stephan Seitz
Subject:	Re: [Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80
Date:	Thu, 26 Jul 2012 14:04:23 +0200


Am Donnerstag, den 26.07.2012, 13:41 +0200 schrieb Kristian
Fiskerstrand:
> On 2012-07-26 08:54, Stephan Seitz wrote:
> > 
> > 
> > Am Mittwoch, den 25.07.2012, 23:49 +0200 schrieb Kristian Fiskerstrand:
> >> On 2012-07-25 23:15, Phil Benchoff wrote:
> >>
> >>>
> >>> sks-keyservers.net has not detected our proxy.  I'm pretty sure our server
> >>> sends back the Server header from the SKS keyserver on reverse-proxied
> >>> requests.  Is that what they're looking at?
> >>
> >> Indeed using the HTTP Server header in this determination. To be
> >> detected as a reverse proxy it should contain either "nginx" or "apache"
> >> (or whatever other term that is applicable, but atm those are the two
> >> terms in the list)
> > 
> > Hi,
> > 
> > wouldn't the test be more reliable by checking against the existence of
> > a Via: header?
> 
> No, nginx does not provide such header (at least not in my setup), see
> below.
> 
> address@hidden ~ $ wget -S
> "http://keys.kfwebs.net:11371/pks/lookup?op=stats";
> --2012-07-26 13:40:05--  http://keys.kfwebs.net:11371/pks/lookup?op=stats
> Resolving keys.kfwebs.net... 2001:16d8:ee30::4, 213.161.224.2
> Connecting to keys.kfwebs.net|2001:16d8:ee30::4|:11371... connected.
> HTTP request sent, awaiting response...
>   HTTP/1.1 200 OK
>   Server: nginx/1.0.14
>   Date: Thu, 26 Jul 2012 11:40:28 GMT
>   Content-Type: text/html; charset=UTF-8
>   Connection: keep-alive
>   Keep-Alive: timeout=20
>   Cache-Control: no-cache
>   Pragma: no-cache
>   Expires: 0
>   Content-length: 42762
> Length: 42762 (42K) [text/html]
> Saving to: `lookup?op=stats.2'

Hi,

I don't want to sound like a nitpicker, but RFC 2068 / 14.44 "Via"
clearly says:

"The Via general-header field MUST be used by gateways and proxies to
indicate the intermediate protocols and recipients between the user
agent and the server on requests, and between the origin server and
the client on responses. [...]"

So, I guess your nginx config should be extended to add a Via header.
(At least when offering HTTP 1.1)

cheers,

- Stephan

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80, Phil Benchoff, 2012/07/25
- Re: [Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80, Kristian Fiskerstrand, 2012/07/25
  - Re: [Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80, Stephan Seitz, 2012/07/26
    - Re: [Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80, Kristian Fiskerstrand, 2012/07/26
    - Re: [Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80, Stephan Seitz <=
    - Re: [Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80, Phil Benchoff, 2012/07/26
    - Re: [Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80, Kristian Fiskerstrand, 2012/07/26
    - Re: [Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80, Daniel Kahn Gillmor, 2012/07/26
    - Re: [Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80, Stephan Seitz, 2012/07/26

Prev by Date: Re: [Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80
Next by Date: Re: [Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80
Previous by thread: Re: [Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80
Next by thread: Re: [Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80
Index(es):
- Date
- Thread