Hi, echelon, You wrote:
> Thank you, but looks like it does only works partly, e.g. from > webinterface. > > e.g.: > [20/Feb/2019:12:52:40 +0100] "GET /pks/lookup?search=0x69D2EAD9&op=vindex > HTTP/1.1" 410 602 "http://keys.i2p-projekt.de/" "Mozilla/5.0 (X11; Linux > x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.96 > Safari/537.36" > > looks like it works fine. BUT: > > [20/Feb/2019:12:55:26 +0100] "GET > /pks/lookup?op=get&options=mr&search=0x69D2EAD9 HTTP/1.1" 200 39693256 "-" "-" > > does not work with youre rewriteConds. It works for me :-) $ HEAD 'https://keyserver.zap.org.au/pks/lookup?search=0x69D2EAD9&op=vindex' 410 Gone Connection: close ... $ HEAD 'https://keyserver.zap.org.au/pks/lookup?op=get&options=mr&search=0x69D2EAD9' 410 Gone Connection: close ... (HEAD is a command-line tool in the libwww-perl package under Debian and Ubuntu.) My complete set of rules, for reference, is: RewriteEngine on RewriteMap badkeys "txt:/etc/sks/apache-badkeys" RewriteMap lc int:tolower RewriteCond "%{REQUEST_URI}" "^/pks/lookup" RewriteCond "%{QUERY_STRING}" "op=(get|index|search|vindex)" RewriteCond "%{QUERY_STRING}" "search=([^&]+)(&|$)" RewriteCond "${badkeys:${lc:%1}|ok}" "!=ok" RewriteRule ^/pks/lookup - [L,G] > (BTW: look at this key: 0xD7FFC063B40A2294B966DB47FF80AE9D1DEC358D [...]) Nice signatures :-) We're playing "whack-a-mole" here. I went through my Apache logs for the last month or so, searching for very large keys being requested, and added these (and certain variations of them) to my /etc/sks/apache-badkeys file. I have 15 keys listed so far... Yours truly, John Zaitseff -- John Zaitseff ,--_|\ The ZAP Group Telephone: +61 2 9643 7737 / \ Sydney, Australia Email: j.zaits...@zap.org.au \_,--._* https://www.zap.org.au/ v _______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel