CAcert System Admins discussion list

[Wytze van der Raay <wytze AT cacert.org>]

Hi Andre,

Andre Klärner schreef op 23-10-2013 4:05:
> ...
> I would like to take a survey of the user agents that visit us regulary:
> 
>     cut -d\" -f6 $LOG |sort|uniq -c|sort -r
> 
> Maybe this should be repeated for the referrer-field (-f4) to see if there
> any properties stored, that might help identify the frequency of some
> clients (while I suspect that they are empty).

To start with the second one: that's pretty uninteresting. I ran this
on a full week of logs (383079 lines in total), and most of the time
the referrer field is empty. Just showing the top 5:

 382690 -
    103 http://www.cacert.org/index.php?id=3
     54 http://crl.cacert.org/
     50 http://crl.cacert.org/revoke.crl
     45 https://www.cacert.org/index.php?id=3

But the first survey is much more interesting; running on the same
data set, we get as top 10 agents:

 165938 ocspd/1.0
  43549 Microsoft-CryptoAPI/6.1
  35210 ocspd/1.0.1
  29081 -
   9968 Microsoft-CryptoAPI/5.131.3790.3959
   9480 Mikrotik/6.x Fetch
   8648 ocspd (unknown version) CFNetwork/520.5.1 Darwin/11.4.2 (x86_64)
(iMac12%2C2)
   7064 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
   6737 ocspd (unknown version) CFNetwork/520.5.1 Darwin/11.4.2 (x86_64)
(MacBookPro8%2C1)
   5274 Microsoft-CryptoAPI/6.2

I'd be quite curious to know which software is using ocspd/1.0
or ocspd/1.0.1 as its agent string, since it seems be responsible
for  more than 50% of the load on crl.cacert.org.

By the way, we are working on some external firewall changes, which
intend to achieve two things:
1. offer rsync as an alternative (and MUCH more efficient) method to
   retrieve the latest CRLs;
2. log the IP address of crl.cacert.org users, so we can determine
   our load sources more accurately.

Regards,
-- wytze

Attachment: smime.p7s
Description: S/MIME-cryptografische ondertekening