
Re: [Sks-devel] status page


From: Martin Papik
Subject: Re: [Sks-devel] status page
Date: Fri, 18 Apr 2014 20:50:59 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0


I don't know who maintains the monitor, but this email chain prompted
me to have a quick look at the differences between the responses of
a reverse proxy and SKS, and I found a few differences and how
to detect a reverse proxy. I've come up with two other ways to detect
a reverse proxy (other than the Via header). Maybe the Via header is
important for some other part of the protocol I'm not aware of, i.e.
for the client to detect and report who actually handled the request,
but here goes.

Method 1, request HEAD for the status page

        lynx -mime_header -head -source 'http://xxxxxxx:11371/pks/lookup?op=stats'

A reverse proxy responds with a 502 proxy error and lynx returns with
no error (0); SKS cuts the connection without returning any headers
(which causes the proxy error), in which case lynx exits with error (1).

Method 2, intrusive, connect to port 11371, request status via a new
connection and see if it completes.

Method 2 is useless in practice, but method 1 might give additional
information. Maybe distinguish between a well configured reverse proxy
and a badly configured reverse proxy.

Martin

On 04/18/2014 02:30 PM, Tobias Frei wrote:
> Hi,
> 
> maybe you need to send a correct "Via:" header to allow automatic 
> detection of the reverse proxy. If proxying is done completely 
> transparently, there is probably no way to see that there is actually
> a proxy in front of sks. That's what I would assume, at least.
> 
> 
> Best regards, Tobias Frei
> 
> 
> On 17.04.2014 16:20, Simon Lange (BIT) wrote:
>> well, but there IS a reverse proxy. ;)
>> 
>> tcp        0      0 78.46.21.218:11371      0.0.0.0:*      LISTEN      8804/lighttpd
>> tcp        0      0 127.0.0.1:11371         0.0.0.0:*      LISTEN      10018/sks
>> tcp6       0      0 2a01:4f8:201:22e3:11371 :::*           LISTEN      8804/lighttpd
>> 
>> 
>> On 2014-04-17 15:56, Tobias Frei wrote:
>>> Hi,
>>> 
>>> from the status page you've linked:
>>> 
>>> "Latest status: Not OK Reason: Not running a reverse proxy"
>>> 
>>> 
>>> Best regards, Tobias Frei
>>> 
>>> On 17.04.2014 01:13, Simon Lange wrote:
>>>> Hi,
>>>> 
>>>> I'm a bit surprised. I just stumbled over: 
>>>> https://sks-keyservers.net/status/info/keys.s-l-c.biz
>>>> 
>>>> which says that my keyserver was last seen three days ago. I'm
>>>> not enlisted anymore and the status page cannot even say what
>>>> server I'm running etc etc
>>>> 
>>>> I'm a bit wondered. why? I can reach it via 11370 11371 and
>>>> 443
>>>> 
>>>> proof?
>>>> address@hidden:~$ gpg --keyserver hkp://keys.s-l-c.biz --search-key address@hidden
>>>> gpg: searching for "address@hidden" from hkp server keys.s-l-c.biz
>>>> (1)     Simon Lange <address@hidden>
>>>>           2048 bit RSA key BDD503BE, created: 2009-09-04
>>>> Keys 1-1 of 1 for "address@hidden".  Enter number(s), N)ext, or Q)uit >
>>>> 
>>>> works like a charm.
>>>> 
>>>> via browser? see attachment (screenshot). works too. ;)
>>>> 
>>>> recon works too
>>>> 2014-04-17 01:12:04 Beginning recon as server, client: <ADDR_INET [162.243.102.241]:59001>
>>>> 2014-04-17 01:12:04 Joining reconciliation
>>>> 2014-04-17 01:12:04 Reconciliation complete
>>>> 2014-04-17 01:12:04 2 hashes recovered from <ADDR_INET [162.243.102.241]:11371>
>>>> 2014-04-17 01:12:04     02D4107B2181C750E8EE7E18A96FBF61
>>>> 2014-04-17 01:12:04     1177F736C69004B45FA475ACB149F894
>>>> 2014-04-17 01:12:04 Disabling gossip
>>>> 2014-04-17 01:12:14 Requesting 2 missing keys from <ADDR_INET [162.243.102.241]:11371>, starting with 02D4107B2181C750E8EE7E18A96FBF61
>>>> 2014-04-17 01:12:14 2 keys received
>>>> 
>>>> 
>>>> so why is my server not enlisted anymore? what are the
>>>> exact port protocols you are checking?!
>>>> 
>>>> I'd like to prevent such a status page although keyserver is
>>>> still up n running. oO
>>>> 
>>>> thanks for your help
>>>> 
>>>> Simon
>>>> 
>>>> _______________________________________________
>>>> Sks-devel mailing list
>>>> address@hidden
>>>> https://lists.nongnu.org/mailman/listinfo/sks-devel
>>>> 

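Method 1 from the message above, combined with the Via header check mentioned in the thread, as an added example that is not part of the original post or of any monitor's code: a Python probe that sends the HEAD request and classifies the reply. The function names, result labels and sample replies are constructed for illustration, and the rule "no headers means SKS answered directly" is the post's observation, taken here as an assumption.

```python
import socket

def classify_head_reply(raw: bytes) -> str:
    """Classify the raw reply to `HEAD /pks/lookup?op=stats` (labels are made up here)."""
    if not raw.startswith(b"HTTP/"):
        # Connection cut before any header: what the post reports for bare SKS.
        return "no-headers"
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status_line, *header_lines = head.split("\r\n")
    parts = status_line.split()
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    names = {h.split(":", 1)[0].strip().lower() for h in header_lines if ":" in h}
    if "via" in names:
        return "proxy-via"      # proxy announces itself, as suggested in the thread
    if status == 502:
        return "proxy-502"      # proxy in front, backend dropped the HEAD request
    return f"http-{status}"     # headers came back, but neither signal is present

def probe_head(host: str, port: int = 11371, timeout: float = 5.0) -> str:
    """Send the HEAD request from Method 1 and classify whatever comes back."""
    request = f"HEAD /pks/lookup?op=stats HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    raw = b""
    # Connection errors (refused, unreachable) propagate: the server is simply down.
    with socket.create_connection((host, port), timeout=timeout) as sock:
        try:
            sock.sendall(request)
            while chunk := sock.recv(4096):
                raw += chunk
        except OSError:
            pass                # reset or timeout mid-reply: classify what arrived
    return classify_head_reply(raw)

# Constructed sample replies (not captured from any real keyserver).
SAMPLES = {
    "connection cut, no headers": b"",
    "proxy, backend cut": b"HTTP/1.0 502 Bad Gateway\r\nContent-Length: 0\r\n\r\n",
    "proxy sending Via": b"HTTP/1.1 200 OK\r\nVia: 1.1 keys.example\r\n\r\n",
    "headers, no Via": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:28} -> {classify_head_reply(raw)}")
```

The `http-200` result covers a front end that answers HEAD itself without a Via header, which Method 1 alone cannot tell apart from other setups.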
