https://bz.apache.org/bugzilla/show_bug.cgi?id=61855
Bug ID: 61855
Summary: Using mod_rewrite and mod_proxy does not allow for
backend keep-alive
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
When using mod_rewrite and mod_proxy together to create a reverse proxy based
on the Host http header, connection reuse is disabled.
Here is a sample configuration:
--- SAMPLE CONFIG ---
RewriteEngine On
RewriteRule .* - [E=TARGET:%{HTTP_HOST}]
SSLProxyEngine on
SSLProxyCheckPeerName off
SSLProxyCheckPeerCN off
SSLProxyCACertificatePath /etc/certs/
SSLProxyVerify none
ProxyPass / https://${TARGET}/ retry=0 ttl=5 keepalive=on interpolate
ProxyPassReverse / https://${RARGET}/ interpolate
ProxyPassInterpolateEnv on
ProxyPreserveHost On
--- END SAMPLE CONFIG ---
It was thought that this would allow connection reuse and lower the CPU usage
due to SSL negotiation not being repeated. However, this doesn't work, and a
new backend connection is created for every request.
I'd like to suggest a documentation update that explicitly calls this out so
future users will learn this information sooner. This update could go in the
following places:
https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html
https://httpd.apache.org/docs/2.4/mod/mod_proxy.html
Note the following:
- The mod_rewrite proxy flag [P] is not being used here
- The security implication of using the Host header to determine backend
server is known, and is something that is worked around through other means.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
