Anybody?

What makes this even more confusing is that in the man page for relayd.conf, it specifies a protocol called "http_ssl" that does NOT have this directive:

http protocol "http_ssl" {
        header append "$REMOTE_ADDR" to "X-Forwarded-For"
        header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
        header change "Keep-Alive" to "$TIMEOUT"
        query hash "sessid"
        cookie hash "sessid"
        path filter "*command=*" from "/cgi-bin/index.cgi"

        ssl { sslv2, ciphers "MEDIUM:HIGH" }
}


The protocol in the default relayd.conf DOES, however:

http protocol httpssl {
        header append "$REMOTE_ADDR" to "X-Forwarded-For"
        header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
        header change "Connection" to "close"

        # Various TCP performance options
        tcp { nodelay, sack, socket buffer 65536, backlog 128 }

#       ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
#       ssl session cache disable
}


I'm just after an explanation of what closing the connection is attempting to accomplish, and why it seems to be arbitrarily inserted into the default relayd.conf.

Thanks,

Andrew Klettke
Systems Admin
Optic Fusion NOC
253-830-2943


On 05/31/2011 10:34 AM, Andrew Klettke wrote:
Hello,

In the default relayd.conf, we have, in the "httpssl" protocol, the directive `header change "Connection" to "close"`.

What about relayd makes this desirable (why close connections when we can reuse them or let them time out?), and what are the consequences of NOT having this directive?
