Hi there,
On our platform we have had to disable Keep-Alive support on our
Apache/FastCGI/PHP setup because it holds open too many backend
processes under load even with KeepAliveTimeout set low.
I am looking at Varnish as a web accelerator (it looks great!), and I
wonder if it is possible to
Poul-Henning Kamp wrote:
>> I was thinking it might be possible to strip out the "Connection: Close"
>> header returned by Apache, [...]
>
> You don't need to do anything.
>
> "Connection:" is a hop-by-hop header, so Varnish already deletes it before
> sending the reply to the client
Perfect!
Hi there,
A client using Mac version of Safari complains of intermittent errors
"kCFErrorDomainCFNetwork error 302", perhaps every other page, on
dynamically generated pages.
This is a stock install of varnish-2.0-rc1, with default.vcl and default
configuration values. Everything works perfect
Hi there
Just to update you on my experience with Varnish 1.1.2, I had exactly
the same problem as reported by the user on this ticket:
http://varnish.projects.linpro.no/ticket/250
In my case, the cause of the problem after some analysis of the log
files was that the "Connection-Length" head
Poul-Henning Kamp wrote:
> In message <[EMAIL PROTECTED]>, Nick Loman writes:
>> Hi there
>>
>> Just to update you on my experience with Varnish 1.1.2, [...]
>
> At this point we _really_ urge everybody to upgrade to Varnish 2.0.
>
> The release candida
Poul-Henning Kamp wrote:
> In message <[EMAIL PROTECTED]>, Nick Loman writes:
>
>> I started on Varnish 2.0-rc1, which was 99% great, but we experienced a
>> problem which was unfortunately a show-stopper. See my post on the 9th
>> October, "Mac connection p
Tollef Fog Heen wrote:
> | Varnish is a very good web accelerator, and i find it support KeepAlive.
> | The default keep-alive is on. I want to turn off the keep-alive, but i
> don't know how to do it.
> | Please tell me how to turn off the keep-alive.
>
> I don't believe that's possible out of
Alecs Henry wrote:
> Those are coupled with:
> 127.0.0.1 - - [09/Feb/2009:19:39:46 +] "(null) (null) (null)" 200
> 39678 "-" "-"
> I can see an object in the page that has that size (image) -- through
> firebug, but the object didn't load into the browser until I hit reload.
I've seen log e
Hi there,
Has anyone come to a satisfactory solution to the issue of running out
of local port numbers when Varnish makes a connection to the backend server?
Under Linux, my understanding is the number of available port numbers
can be increased to a maximum of 64511 by setting
/proc/sys/net/ip
Michael S. Fischer wrote:
> On Apr 29, 2009, at 9:22 AM, Poul-Henning Kamp wrote:
>
>> In message <49f87de4.3040...@loman.net>, Nick Loman writes:
>>
>>> Has Varnish got a solution to this problem which does not involve
>>> time-wait recycling? One thi
Michael S. Fischer wrote:
>> I've done that for a specific reason relating to backend PHP processes.
>
> I don't dispute your reasoning; my employer does this as well.
> KeepAlive with Apache/PHP can be a recipe for resource starvation on
> your origin servers.
Hi Michael,
Precisely, we only
Poul-Henning Kamp wrote:
> In message <49f9bf57.4020...@loman.net>, Nick Loman writes:
>
>> Precisely, we only have perhaps 50 PHP children serving requests, so if
>> these are kept open to serve idle keep-alive connections, that severely
>> limits the numbers o
Poul-Henning Kamp wrote:
> In message <49fab28f.2040...@loman.net>, Nick Loman writes:
>> Poul-Henning Kamp wrote:
>
>> Which way round do you mean?
>>
>> Apache specifies Keep-Alive in seconds, and my sites will certainly die
>> if I set it to even 1
I would guess that Varnish isn't affected by this, but does anyone know
for sure? Does Varnish protect against this attack in all cases if you
have Apache as your backend?
http://isc.sans.org/diary.html?storyid=6601
Many thanks,
Nick.
___
varnish-mi
Poul-Henning Kamp wrote:
> In message <4a3ba393.3010...@loman.net>, Nick Loman writes:
>
>> I would guess that Varnish isn't affected by this, but does anyone know
>> for sure? Does Varnish protect against this attack in all cases if you
>> have
Hi Sven,
I don't know the basis precise for it, but I can vouch for the fact that
tcp_tw_recycle is incompatible with NAT on the server side. I would
guess it is because the NAT gateway keeps a connection tracking list and
is unhappy that the webserver is trying to reuse the same ip:port hash
16 matches
Mail list logo
