sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80

From: Phil Benchoff
Subject: Re: [Sks-devel] keyserver.cns.vt.edu updates: RProxy + port 80
Date: Thu, 26 Jul 2012 09:07:01 -0400 
On Thu, Jul 26, 2012 at 02:04:23PM +0200, Stephan Seitz wrote:
> 
> 
> Am Donnerstag, den 26.07.2012, 13:41 +0200 schrieb Kristian
> Fiskerstrand:
> > On 2012-07-26 08:54, Stephan Seitz wrote:
> > > 
> > > 
> > > Am Mittwoch, den 25.07.2012, 23:49 +0200 schrieb Kristian Fiskerstrand:
> > >> On 2012-07-25 23:15, Phil Benchoff wrote:
> > >>
> > >>>
> > >>> sks-keyservers.net has not detected our proxy.  I'm pretty sure our 
> > >>> server
> > >>> sends back the Server header from the SKS keyserver on reverse-proxied
> > >>> requests.  Is that what they're looking at?
> > >>
> > >> Indeed using the HTTP Server header in this determination. To be
> > >> detected as a reverse proxy it should contain either "nginx" or "apache"
> > >> (or whatever other term that is applicable, but atm those are the two
> > >> terms in the list)
> > > 
> > > Hi,
> > > 
> > > wouldn't the test be more reliable by checking against the existence of
> > > a Via: header?
> > 
> > No, nginx does not provide such header (at least not in my setup), see
> > below.
> > 
> > address@hidden ~ $ wget -S
> > "http://keys.kfwebs.net:11371/pks/lookup?op=stats";
> > --2012-07-26 13:40:05--  http://keys.kfwebs.net:11371/pks/lookup?op=stats
> > Resolving keys.kfwebs.net... 2001:16d8:ee30::4, 213.161.224.2
> > Connecting to keys.kfwebs.net|2001:16d8:ee30::4|:11371... connected.
> > HTTP request sent, awaiting response...
> >   HTTP/1.1 200 OK
> >   Server: nginx/1.0.14
> >   Date: Thu, 26 Jul 2012 11:40:28 GMT
> >   Content-Type: text/html; charset=UTF-8
> >   Connection: keep-alive
> >   Keep-Alive: timeout=20
> >   Cache-Control: no-cache
> >   Pragma: no-cache
> >   Expires: 0
> >   Content-length: 42762
> > Length: 42762 (42K) [text/html]
> > Saving to: `lookup?op=stats.2'
> 
> Hi,
> 
> I don't want to sound like a nitpicker, but RFC 2068 / 14.44 "Via"
> clearly says:
> 
> "The Via general-header field MUST be used by gateways and proxies to
> indicate the intermediate protocols and recipients between the user
> agent and the server on requests, and between the origin server and
> the client on responses. [...]"
> 
> So, I guess your nginx config should be extended to add a Via header.
> (At least when offering HTTP 1.1)
> 
> cheers,
> 
> - Stephan

Could the script be modified to detect the Via: header as well as what it
does now?

It looks like the nginx HTTP headers module could add the Via: header to
responses.  That is probably the right thing to do in the long run.

Phil
reply via email to
[Prev in Thread] Current Thread [Next in Thread]