Hi Willy,
Le mardi 31 mai 2011 23:14:11, Willy Tarreau a écrit :
> a few minor issues were reported since 1.4.15 so I'm planning to issue
> 1.4.16 with the fixes. I just wanted to ensure that no patch was missing
> before the release, so if you have anything pending that's not there or
> that I might have lost/forgotten, please email me. Similarly, if you are
> working on something you'd like to get merged and want a few days delay,
> please tell me so, there's no emergency as we just have very minor fixes.
While auditing a server today, I encountered an issue with the HTTP keep-alive
timeout. It just didn't work and connections stayed alive for 5 minutes (their
client/server timeout).
The fact is that they decided to split their proxy in frontend and backends
and moved some options in the backends parts. While this is a valid
configuration if we refer to the documentation, the http-keep-alive timeout is
ignored because at the time the value is checked in the code (in the early
request process), the backend is not known yet.
A sample configuration to reproduce it is :
defaults
mode http
timeout connect 5s
timeout client 8s
timeout server 10s
frontend test_FE :9000
default_backend test_BE
backend test_BE
option http-server-close
timeout http-keep-alive 3s
server test 127.0.0.1:80
Then run :
time echo -ne "GET / HTTP/1.1\r\nHost: localhost\r\n\r\n" | nc localhost 9000
HTTP/1.1 200 OK
...
real 0m8.047s
I've started to work on a fix and can try to send a patch soon.
In the same idea, they don't use "timeout http-request" but it looks like the
same issue exists.
--
Cyril Bonté
