Re: [Sks-devel] simple DoS against SKS's HKP interface :/


From: Peter Kornherr
Subject: Re: [Sks-devel] simple DoS against SKS's HKP interface :/
Date: Tue, 20 Mar 2012 23:45:50 +0100
User-agent: Mutt/1.5.18 (2008-05-17)

Hi,

I'm trying to do the proxy stuff with apache2. At first sight,
it seems to work well:

<VirtualHost 109.230.243.87:11371>
        ServerName keys.wuschelpuschel.org
        ServerAdmin address@hidden
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
        ProxyPass / http://127.0.0.1:11371/
        ProxyPassReverse / http://127.0.0.1:11371/
        SetEnv force-proxy-request-1.0 1
        SetEnv proxy-nokeepalive 1
</VirtualHost>

(there are more proxy vhosts, e.g. from :80 - not mentioned here,
they're all the same scheme.)

Fetching keys with gpg and via web works as intended, apache handles
the connections "non blocking" as intended.

But then I noticed some errors in the logs, like

[Tue Mar 20 23:19:18 2012] [error] [client xxx] (20014)Internal error: proxy: error reading status line from remote server 127.0.0.1:11371
[Tue Mar 20 23:19:18 2012] [error] [client xxx] proxy: Error reading from remote server returned by /pks/hashquery

keys.wuschelpuschel.org:80 xxx - - [20/Mar/2012:23:19:18 +0100] "POST /pks/hashquery" 502 495 "-" "-"

OTOH, I see working POSTs like

yyy - - [20/Mar/2012:23:23:40 +0100] "POST /pks/hashquery HTTP/1.0" 200 128 "-" "-"

Any request with an HTTP version identifier gets HTTP status 200, any request
without gets 502. I haven't worked through tcpdumps yet; that would be the
next action if there is no hint from you ;)

Ideas, anyone? TIA!

        --pk

Attachment: signature.asc
Description: Digital signature
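
Added example, not part of the original message: a Python script that tallies access-log entries under /pks/ by whether the request line carries an HTTP version token and by status code, so the 200/502 split described above can be checked across a whole log rather than two lines. The sample lines are constructed from the two in the post, with documentation addresses in place of the redacted clients; all function names are hypothetical.

```python
import re
from collections import Counter

# Timestamp, quoted request line, status, size. Uses search() so it matches
# with or without a leading "vhost:port" field; both forms appear in the post.
LINE_RE = re.compile(r'\[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)')
VERSION_RE = re.compile(r'^HTTP/\d+\.\d+$')

def parse(line):
    """Return (method, path, version_or_None, status), or None if unparseable."""
    m = LINE_RE.search(line)
    if not m:
        return None
    parts = m.group("req").split()
    if len(parts) < 2:
        return None
    has_version = len(parts) >= 3 and VERSION_RE.match(parts[-1])
    return parts[0], parts[1], parts[-1] if has_version else None, int(m.group("status"))

def tally(lines, path_prefix="/pks/"):
    """Count (has_version, status) pairs for requests under path_prefix."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec[1].startswith(path_prefix):
            counts[(rec[2] is not None, rec[3])] += 1
    return counts

def contradicts(counts):
    """Buckets that break the pattern 'version -> 200, no version -> 502'."""
    return sorted(k for k in counts if k not in {(True, 200), (False, 502)})

# Constructed sample input (client addresses are documentation ranges).
SAMPLE = [
    'keys.wuschelpuschel.org:80 192.0.2.10 - - [20/Mar/2012:23:19:18 +0100] "POST /pks/hashquery" 502 495 "-" "-"',
    '192.0.2.11 - - [20/Mar/2012:23:23:40 +0100] "POST /pks/hashquery HTTP/1.0" 200 128 "-" "-"',
    '192.0.2.12 - - [20/Mar/2012:23:24:02 +0100] "GET /pks/lookup?op=get&search=0xDEADBEEF HTTP/1.1" 200 2048 "-" "-"',
    '192.0.2.13 - - [20/Mar/2012:23:24:05 +0100] "GET /favicon.ico HTTP/1.1" 404 209 "-" "-"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    counts = tally(SAMPLE)
    for (has_version, status), n in sorted(counts.items()):
        print(f"version={'yes' if has_version else 'no':3}  status={status}  count={n}")
    print("contradicting buckets:", contradicts(counts) or "none")
```

An empty list from contradicts() means every /pks/ request in the log fits the observed split; any other bucket points at requests worth looking at in a packet capture.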

