[Sks-devel] Apache Reverse Proxy and SKS keyserver

sks-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sks-devel] Apache Reverse Proxy and SKS keyserver

From:	Phil Benchoff
Subject:	[Sks-devel] Apache Reverse Proxy and SKS keyserver
Date:	Wed, 25 Jul 2012 20:02:03 -0400

An Apache reverse proxy adds some headers to the request, including
x-forwarded-for, which is the address of the client.  If a key lookup
fails, the SKS server will log this header:

  2012-07-25 19:34:44 Error handling request 
(GET,/pks/lookup?op=get&search=<keyid>,[
  accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  accept-encoding:gzip, deflate
  accept-language:en-us,en;q=0.5
  connection:Keep-Alive
  dnt:1
  host:localhost:11371
  user-agent:Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20100101 
Firefox/13.0.1
  x-forwarded-for: <the client IP address>
  x-forwarded-host:keyserver.cns.vt.edu
  x-forwarded-server:keyserver.cns.vt.edu]): No keys found

Without the reverse proxy, this is logged:

  2012-07-22 04:06:51 Error handling request 
(GET,/pks/lookup?op=get&search=<keyid>,[
  accept:*/*
  accept-encoding:gzip,deflate
  connection:Keep-alive
  from:googlebot(at)googlebot.com
  host:keyserver.cns.vt.edu:11371
  user-agent:Mozilla/5.0 (compatible; Googlebot/2.1; 
+http://www.google.com/bot.html)]): No keys found

Logging the client is not what is expected.  The x-forwarded-for
header should probably not be logged.  I don't see a way to turn this off
in the Apache config.

Phil

[Prev in Thread]

Current Thread

[Next in Thread]

[Sks-devel] Apache Reverse Proxy and SKS keyserver, Phil Benchoff <=

Prev by Date: Re: [Sks-devel] DisUnitedStates.com downtime
Next by Date: [Sks-devel] systemd service file for sks?
Previous by thread: [Sks-devel] DisUnitedStates.com downtime
Next by thread: [Sks-devel] systemd service file for sks?
Index(es):
- Date
- Thread