date:20030708

[patch] bug 17928 - mod_proxy hangs when backend server returns a 304

2003-07-08 Thread Graham Wiseman

This bug occurs in mod_proxy when both KeepAlive and
ProxyErrorOverride are enabled, and non-200 response
without a body is generated by the backend server.
e.g.: a request containing the "If-Modified-Since" and
"If-None-Match" headers, which the backend server responds
to with status 304.

Conditions:
- mod_proxy acting as a forward or reverse proxy
- KeepAlive On
- ProxyErrorOverride On
- Persistent connection to backend server
- backend server responds with a non-200 status
- backend server does not send a body

Details:
In proxy_http.c, ap_discard_request_body() is called on a
request with a non-200 status when ProxyErrorOverride is
enabled. ap_discard_request_body() eventually calls
ap_http_filter() which, when called with a proxy response
request_rec, attempts to read a body even when there is no
indication that one exists (response bodies can be
terminated with a connection close, instead of using a CL
header or chunked encoding). However, on a persistent
connection to the backend, the read blocks until a timeout
occurs (apr_wait_for_io_or_timeout()).

The attached patch works around this problem by not calling
ap_discard_request_body() on responses that never have a
response body (1xx, 204, 205, 304).


Graham Wiseman
[EMAIL PROTECTED]


 


patch-proxy_http.diff
Description: Binary data

RE: Tagged the tree

2003-07-08 Thread Sander Striker

> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 03, 2003 9:08 PM

> Sander Striker wrote:
> 
> > I've tagged the tree with STRIKER_2_0_47_PRE1.  Testing would be
> > greatly appreciated.
> 
> The new httpd has been running live on daedalus since Thursday, 03-Jul-2003 
> 11:48:45 PDT.  So far, so good.

Ok, daedalus says +1.  Goody ;).


Sander

ssl connection with mod_proxy is very unstable

2003-07-08 Thread Cahya Wirawan

I use mod_proxy for reverse proxy https connection, it is running fine 
with apache 2.0.43 , but when I upgrade it to 2.0.46, more than 50% of the 
https connetions will fail, httpd child process is just died.
2.0.44 and 2.0.45 have the same problem, their child process is just died in
more than 50% https connections. I tried also to upgrade openssl
to the latest version 0.9.7b, and recompile apache, but it doesn't help,
since maybe it is not openssl's bug. and this behaviour is resproducible in
another server, I tried it here with redhat 7.0 and gentoo 1.4. both of them
have the same problem with apache 2.0.44,2.0.45 and 2.0.46 no mater which
openssl version and have a stable connection with 2.0.43.
 
here is my config:

NameVirtualHost xxx.5.131.41:443
SSLProxyEngine on

ServerName iniskp.mydomain.org
ProxyPass   /   https://iniskp.mydomain.org/
ProxyPassReverse/   https://iniskp.mydomain.org/
LogLeveldebug
SSLEngine on
SSLCertificateFile conf/ssl/server.crt
SSLCertificateKeyFile conf/ssl/server.key


And here is the error log when the connections failed:

.
[Fri Jun 13 18:18:52 2003] [debug] ssl_engine_io.c(1462):
+-+
[Fri Jun 13 18:18:52 2003] [debug] proxy_http.c(109): proxy: HTTP:
canonicalising URL //iniskp.mydomain.org/
[Fri Jun 13 18:18:52 2003] [debug] mod_proxy.c(459): Trying to run scheme_handler
[Fri Jun 13 18:18:52 2003] [debug] proxy_http.c(1076): proxy: HTTP: serving URL
https://iniskp.mydomain.org/
[Fri Jun 13 18:18:52 2003] [debug] proxy_http.c(221): proxy: HTTP connecting
https://iniskp.mydomain.org/ to iniskp.mydomain.org:443
[Fri Jun 13 18:18:52 2003] [debug] proxy_util.c(1203): proxy: HTTP: fam 2 socket
created to connect to iniskp.mydomain.org
[Fri Jun 13 18:18:52 2003] [debug] proxy_http.c(370): proxy: socket is connected
[Fri Jun 13 18:18:52 2003] [debug] proxy_http.c(404): proxy: connection complete
to xxx.5.67.95:443 (iniskp.mydomain.org)
[Fri Jun 13 18:18:52 2003] [info] Connection to child 3 established (server
iniskp.mydomain.org:443, client xxx.5.67.95)
[Fri Jun 13 18:18:52 2003] [info] Seeding PRNG with 136 bytes of entropy
[Fri Jun 13 18:18:52 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL:
Handshake: start
[Fri Jun 13 18:18:52 2003] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop:
before/connect initialization
[Fri Jun 13 18:18:52 2003] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop:
SSLv2/v3 write client hello A
[Fri Jun 13 18:18:52 2003] [debug] ssl_engine_io.c(1484): OpenSSL: read 0/7
bytes from BIO#8194ea0 [mem: 81a1c98] (BIO dump follows)
[Fri Jun 13 18:18:52 2003] [debug] ssl_engine_io.c(1431):
+-+
[Fri Jun 13 18:18:52 2003] [debug] ssl_engine_io.c(1462):
+-+
[Fri Jun 13 18:18:52 2003] [info] SSL Proxy connect failed
[Fri Jun 13 18:18:52 2003] [info] Connection to child 3 closed with abortive
shutdown(server iniskp.mydomain.org:443, client xxx.5.67.95)
.

And here is a successfull connection right after above connection:

.
[Fri Jun 13 18:18:53 2003] [debug] proxy_http.c(109): proxy: HTTP:
canonicalising URL //iniskp.mydomain.org/
[Fri Jun 13 18:18:53 2003] [debug] mod_proxy.c(459): Trying to run scheme_handler
[Fri Jun 13 18:18:53 2003] [debug] proxy_http.c(1076): proxy: HTTP: serving URL
https://iniskp.mydomain.org/
[Fri Jun 13 18:18:53 2003] [debug] proxy_http.c(221): proxy: HTTP connecting
https://iniskp.mydomain.org/ to iniskp.mydomain.org:443
[Fri Jun 13 18:18:53 2003] [debug] proxy_util.c(1203): proxy: HTTP: fam 2 socket
created to connect to iniskp.mydomain.org
[Fri Jun 13 18:18:53 2003] [debug] proxy_http.c(370): proxy: socket is connected
[Fri Jun 13 18:18:53 2003] [debug] proxy_http.c(404): proxy: connection complete
to xxx.5.67.95:443 (iniskp.mydomain.org)
[Fri Jun 13 18:18:53 2003] [info] Connection to child 5 established (server
iniskp.mydomain.org:443, client xxx.5.67.95)
[Fri Jun 13 18:18:53 2003] [info] Seeding PRNG with 136 bytes of entropy
[Fri Jun 13 18:18:53 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL:
Handshake: start
[Fri Jun 13 18:18:53 2003] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop:
before/connect initialization
[Fri Jun 13 18:18:53 2003] [debug] ssl_engine_kernel.c(1774): OpenSSL: Loop:
SSLv2/v3 write client hello A
[Fri Jun 13 18:18:53 2003] [debug] ssl_engine_io.c(1484): OpenSSL: read 7/7
bytes from BIO#8194ea0 [mem: 81a3ca0] (BIO dump follows)
[Fri Jun 13 18:18:53 2003] [debug] ssl_engine_io.c(1431):
+-+
[Fri Jun 13 18:18:53 2003] [debug] ssl_engine_io.c(1456): 
| : 16 03 01 03 68 02h.   |
[Fri Jun 13 18:18:53 2003] [debug] ssl_engine_io.c(1460): 
| 0007 - 
.

The difference is in "ssl

typemaps and extensions

2003-07-08 Thread André Malo

[moved from another list]

* William A. Rowe, Jr. wrote:

> At 12:56 PM 7/7/2003, André Malo wrote:
>>* Martin Kraemer wrote:
>>
>>> Is it really correct that there now is both a *.html and
>>> a *.html. copy present, or is this a bug (here perhaps,
>>> I have not looked deeper yet, or in the build)?
>>
>>That's correct. The pure *.html files contain type-maps (got a rid of
>>multiviews).
> 
> N
> 
> Never use foo.html as a typemap descriptor!  Please use foo.html.var
> to describe the available variants.

Why not? Extensions are totally irrelevant in HTTP universe.
We've removed multiviews for efficiency reasons. And *.html are our stable
URLs.

nd

[patch] bug 17928 - mod_proxy hangs when backend server returns a 304

RE: Tagged the tree

ssl connection with mod_proxy is very unstable

typemaps and extensions

4 matches

Site Navigation

Mail list logo

Footer information