Paul, could you please double-check that we do not have HostnameLookups turned on anywhere in the Apache configuration files?
Anders Kaseorg, author of the Haskell cgi package wrote on the libraries list: > Apache only provides REMOTE_HOST > if the HostnameLookups directive is set to On > (the default is Off). So this should be easily > fixable. Yet empirically, it really does look like we are getting an RDNS lookup for each call to a CGI app. Thanks, Yitz On Tue, Apr 9, 2013 at 5:40 PM, Yitzchak Gale <[email protected]> wrote: > I wrote: >> I chased down the Haskell code that he pointed to. >> It turns out that the accept function in the network >> package, unlike the underlying C function, does a >> reverse DNS lookup every time it accepts a connection. >> Sounds to me like that might be the problem. >> (Although that doesn't explain the list-users script, >> which isn't in Haskell.) > > No, I now see that's wrong. The RDNS lookup > there is lazy. It would only be called if the client > tries to use the host name, and hackage does not. > > The answer is that this problem > is inherent to the CGI protocol, which is what > Hackage currently uses. CGI supplies > the resolved client host name to the web > application in an environment variable. So > the web server (Apache in this case) will > always have do a reverse DNS lookup by definition. > (Environment variables are strict. Too bad.) > > I guess for now the only solution is to access > Hackage via a proxy on a host whose reverse > DNS is working. That's not hard to set up > using ssh -D. > > Sorry, I wish I could give a better answer. > > -Yitz _______________________________________________ haskell-infrastructure mailing list [email protected] http://community.galois.com/mailman/listinfo/haskell-infrastructure
