On Thu, Jul 26, 2012 at 02:04:23PM +0200, Stephan Seitz wrote: > > > Am Donnerstag, den 26.07.2012, 13:41 +0200 schrieb Kristian > Fiskerstrand: > > On 2012-07-26 08:54, Stephan Seitz wrote: > > > > > > > > > Am Mittwoch, den 25.07.2012, 23:49 +0200 schrieb Kristian Fiskerstrand: > > >> On 2012-07-25 23:15, Phil Benchoff wrote: > > >> > > >>> > > >>> sks-keyservers.net has not detected our proxy. I'm pretty sure our > > >>> server > > >>> sends back the Server header from the SKS keyserver on reverse-proxied > > >>> requests. Is that what they're looking at? > > >> > > >> Indeed using the HTTP Server header in this determination. To be > > >> detected as a reverse proxy it should contain either "nginx" or "apache" > > >> (or whatever other term that is applicable, but atm those are the two > > >> terms in the list) > > > > > > Hi, > > > > > > wouldn't the test be more reliable by checking against the existence of > > > a Via: header? > > > > No, nginx does not provide such header (at least not in my setup), see > > below. > > > > kristianf@gentoo4 ~ $ wget -S > > "http://keys.kfwebs.net:11371/pks/lookup?op=stats"; > > --2012-07-26 13:40:05-- http://keys.kfwebs.net:11371/pks/lookup?op=stats > > Resolving keys.kfwebs.net... 2001:16d8:ee30::4, 213.161.224.2 > > Connecting to keys.kfwebs.net|2001:16d8:ee30::4|:11371... connected. > > HTTP request sent, awaiting response... > > HTTP/1.1 200 OK > > Server: nginx/1.0.14 > > Date: Thu, 26 Jul 2012 11:40:28 GMT > > Content-Type: text/html; charset=UTF-8 > > Connection: keep-alive > > Keep-Alive: timeout=20 > > Cache-Control: no-cache > > Pragma: no-cache > > Expires: 0 > > Content-length: 42762 > > Length: 42762 (42K) [text/html] > > Saving to: `lookup?op=stats.2' > > Hi, > > I don't want to sound like a nitpicker, but RFC 2068 / 14.44 "Via" > clearly says: > > "The Via general-header field MUST be used by gateways and proxies to > indicate the intermediate protocols and recipients between the user > agent and the server on requests, and between the origin server and > the client on responses. [...]" > > So, I guess your nginx config should be extended to add a Via header. > (At least when offering HTTP 1.1) > > cheers, > > - Stephan
Could the script be modified to detect the Via: header as well as what it does now? It looks like the nginx HTTP headers module could add the Via: header to responses. That is probably the right thing to do in the long run. Phil _______________________________________________ Sks-devel mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/sks-devel
