sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] sks behind lighttpd reverse proxy

From: Simon Lange
Subject: Re: [Sks-devel] sks behind lighttpd reverse proxy
Date: Mon, 02 Dec 2013 22:49:31 +0100
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.1.1 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Am 02.12.2013 22:21, schrieb Phil Pennock:
> Remove that filter for port 11371 and you should be good. If you can let us 
> know which setting it
was, we can update the Peering wiki page with a cautionary note. -Phil

Hi Phil, thanks! The hint that gpg does NOT actually sends a HEADER was
the hint i did need. You are right. Client who do send request without a
header are sort out and are also enlisted on my firewall for being
dumped for some time. some kind of rudementary antidos written in lua.
;) because usually only bad coded stuff or hostile stuff does not send a
header. same reason why i route unknown callerids to my answeringmachine
no matter what.

however. gpg does not send any header and therefore THAT was the
problem. so if you use some kind of aggressive antidos mechanism like
sorting out not compliant http clients (like gpg) you run into the problem.

11370 has a connection throttle and of course is not reverse proxied. it
was only for one day after a sks pool admin did wrote us we have to put
everything behind reverse proxy. we did and ran into problems.  ;)

so current setup is:
https://keys.s-l-c.biz http://keys.s-l-c.biz and
http://keys.s-l-c.biz:11371 work perfectly as they did before.
Finally hkp://keys.s-l-c.biz works again although behind reverse proxy.

best regards

Simon

- -- 
________________________________________________________
Simon Lange Consulting  - Gaudystr. 6  - DE-10437 Berlin
Telefon: +49(0)30/89757206 Mobil: +49(0)151/22640160
- ----------------------------------------http://s-l-c.biz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
 
iQEcBAEBAgAGBQJSnQBrAAoJELCfvQa91QO+4FcH/jXaZl7Ue+iJh5+edqab8m1A
ihCwCmQv9gmBOZzjImglJY2cnGFaOywe3cM85CGHmptL45w3DpMvBfXH/XtGsP+N
sT8BTWZIAo2dm6OSj/dYYFlUdeZsrG5FUrGdgehcMybYfUdzyY2OSqQBmOVAdGVk
w2u2mK9oyXabypYrAvdXhKbodPRkJy2ep1SgW6H8ICVwmWrlbYcwDCZ7wlhedxww
cb897at48Qz3/bXNRlSa7Egu3UHolZvRpGKS7wH+0RoHj1CmAXQ/hkzSLZs2PKlN
QAidiC85iH5ZzCBQhgh1zUr8l7uOE9ncUnkwNzYB+dKXE25cXxTQ328+AZSYbXQ=
=RnaG
-----END PGP SIGNATURE-----
reply via email to
[Prev in Thread] Current Thread [Next in Thread]