[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Apache setup for refusing to serve bad keys
|
From: |
echelon |
|
Subject: |
Re: [Sks-devel] Apache setup for refusing to serve bad keys |
|
Date: |
Thu, 21 Feb 2019 08:36:53 +0000 (UTC) |
On 20.02.2019 21:46, John Zaitseff wrote:
> Hi, echelon,
>
> You wrote:
>
>> Thank you, but looks like it does only works partly, e.g. from
>> webinterface.
>>
>> e.g.:
>> [20/Feb/2019:12:52:40 +0100] "GET /pks/lookup?search=0x69D2EAD9&op=vindex
>> HTTP/1.1" 410 602 "http://keys.i2p-projekt.de/"; "Mozilla/5.0 (X11; Linux
>> x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.96
>> Safari/537.36"
>>
>> looks like it works fine. BUT:
>>
>> [20/Feb/2019:12:55:26 +0100] "GET
>> /pks/lookup?op=get&options=mr&search=0x69D2EAD9 HTTP/1.1" 200 39693256 "-"
>> "-"
>>
>> does not work with youre rewriteConds.
>
> It works for me :-)
Ok, now it works for me, to. Feel kinda dumb, had the wrong link in
enabled-sites :-/
>> (BTW: look at this key: 0xD7FFC063B40A2294B966DB47FF80AE9D1DEC358D [...])
>
> Nice signatures :-) We're playing "whack-a-mole" here.
First one is a bit "funny", but all others are spam.
> I went through my Apache logs for the last month or so, searching
> for very large keys being requested, and added these (and certain
> variations of them) to my /etc/sks/apache-badkeys file. I have 15
> keys listed so far...
Yeah, more will come.
TZhanks so far.
> Yours truly,
>
> John Zaitseff
echelon