On 10/11/06, Ruediger Pluem <[EMAIL PROTECTED]> wrote:
> There is an issue with the proxy code that if a request is sent over
> a persistent backend connection (currently only looking at the http case, not
> sure if the same thing can happen for other backends like ajp and fastcgi)
> it could happen that this connection gets closed by the backend for timeout
> reasons after the is_connected check and before / while sending the request.
> 1. RFC 2616 does not allow clients to resend a non idempotent request in those
> cases without user interaction (8.1.4). It is concluded that the same applies
> to a proxy in this case.

A non-compliant behavior (i.e., not default Apache behavior) which
would be useful would be to wait for 100-Continue before sending POST
bodies. If connection is dropped before receiving 100-Continue, try
on a new connection.

> 2. Although GET is mentioned to be idempotent in RFC 2616 (9.1.2) along with
> some other methods it is not a good idea to regard a GET / HEAD with query
> parameters to be idempotent.

<Location /proxy/all_gets_are_idempotent>
    SetEnv foomatic 1
</Location>

> 3. Sometimes servers (including httpd) include a keep-alive header in their
> response with the parameter timeout set. This can give a hint when the backend
> will close its persistent connection due to a timeout.

Unfortunately, our own hint in the response is not useful when sent by
a child process that is being terminated due to excessive idle
processes/threads or MaxRequestsPerChild, since we can break out of
ap_process_connection right after telling the client they have N
seconds to send the next request. This will happen enough to be
disturbing, though perhaps not often enough to quickly diagnose it.
("Gosh, try turning off proxy keepalive and see if it gets better. If
so, that's your permanent solution.")

> If there is a non idempotent request to the proxy and there is not enough
> timeout time left on the backend connection, then close the pooled backend
> connection and forward the request to the backend via a new connection. The
> size of "enough timeout time left" is not defined yet and besides a good
> default value for it, there should be the possibility to change that via
> configuration.
> If the server does not send the timeout parameter back in its response, it is
> regarded as 0.
> If there is an idempotent request, resend it if it failed because of a read /
> write failure to the backend *before* the first successful read from the
> backend. It is important that this is really a socket error. Simply checking
> for a failure of ap_proxy_http_request is not *enough*, because it should not
> be resent if it failed due to some other problem (e.g. parsing error).

(In case it isn't stated explicitly already) No such retry would be
performed on the initial request sent on a connection, right?
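
Added example (not part of the original message, and not mod_proxy code): a C sketch of the decision rules proposed in the quoted text, covering the Keep-Alive timeout hint, the narrowed idempotency test, and the resend condition. All function names, the idle-time argument and the margin value are hypothetical, since the thread leaves "enough timeout time left" undefined.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum conn_choice { REUSE_POOLED, OPEN_NEW }; /* hypothetical names throughout */

/* Seconds from "timeout=N" in a Keep-Alive value; absent or invalid => 0. */
long keepalive_timeout(const char *v) {
    while (v && *v) {
        size_t i = 0;
        v += strspn(v, " \t,");                 /* skip separators */
        while (i < 7 && tolower((unsigned char)v[i]) == "timeout"[i]) i++;
        if (i == 7) {
            const char *q = v + 7 + strspn(v + 7, " \t");
            if (*q == '=') {
                char *end;
                long n = strtol(q + 1, &end, 10);
                return (end != q + 1 && n > 0) ? n : 0;
            }
        }
        v += strcspn(v, ",");                   /* move to the next parameter */
    }
    return 0;
}

/* RFC 2616 9.1.2 methods, except GET/HEAD carrying a query string. */
int is_idempotent(const char *method, int has_query) {
    static const char *const m[] = {"GET", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE"};
    for (size_t i = 0; i < sizeof m / sizeof *m; i++)
        if (strcmp(method, m[i]) == 0) return !(has_query && i < 2);
    return 0;
}

/* A non-idempotent request reuses a pooled connection only with >= margin s left. */
enum conn_choice choose_conn(int idempotent, long timeout, long idle, long margin) {
    return (idempotent || timeout - idle >= margin) ? REUSE_POOLED : OPEN_NEW;
}

/* Resend only an idempotent request that hit a socket error before the first read. */
int may_resend(int idempotent, int socket_error, int read_ok) {
    return idempotent && socket_error && !read_ok;
}

int main(void) { /* constructed sample: POST, timeout=5, idle 4 s, margin 2 s */
    long t = keepalive_timeout("timeout=5, max=100");
    puts(choose_conn(is_idempotent("POST", 0), t, 4, 2) == OPEN_NEW ? "open new" : "reuse");
    return 0;
}
```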