This is interesting. I'm seeing similar events at one of my reverse proxy.
After fixing a DNS infrastructure problem I started seeing lots of 304s
with processing times well above 5 seconds. For header-only requests that's
a lot of time. If there is any news here please let us know. At the very
least it would help me.
On Mon, Jun 24, 2013 at 6:43 PM, Robert Gabriel <epheme...@gmail.com> wrote:
>
>
>
> On 24 June 2013 18:27, Tom Evans <tevans...@googlemail.com> wrote:
>
>> On Mon, Jun 24, 2013 at 2:03 PM, Robert Gabriel <epheme...@gmail.com>
>> wrote:
>> > Hello all,
>> >
>> > We have:
>> >
>> > Apache 2.2.3
>> > CentOS 5.5 x86_64
>> > Splunk 5.0.2
>> >
>> > I only know the basics but Apache has been serving us very well with the
>> > below config
>> >
>> > and only after about a week did pages refresh very slowly, up to a
>> minute to
>> > reload
>> >
>> > sometimes.
>> >
>> > I tailed both httpd and splunkd logs and saw a consistent delay of 30s
>> > between proxy
>> >
>> > and origin server (both on same host) along with plenty of 304s,
>> followed by
>> > what
>> >
>> > appeared to be some timeout and then slowly the 200s started coming
>> back in.
>> >
>> > A restart of httpd cleared up the issue.
>> >
>> > I'm lost, please help.
>> >
>> > Could this be a caching problem?
>> >
>> > Thank you.
>> >
>> > <VirtualHost *:443>
>> > SSLEngine on
>> > SSLCertificateFile /etc/httpd/conf/server.crt
>> > SSLCertificateKeyFile /etc/httpd/conf/server.key
>> > SSLProxyEngine On
>> > SSLCACertificateFile /etc/httpd/conf/gsoc.pem
>> > SSLProtocol all -SSLv2
>> > SSLVerifyClient require
>> > SSLVerifyDepth 1
>> > SSLOptions +StrictRequire
>> >
>> > RequestHeader set X-Remote-User %{REMOTE_USER}s
>> >
>> > ServerName dashboards.gsoc.co.za:443
>> > ServerAdmin ad...@gsoc.co.za
>> > DocumentRoot /srv/http/gdf/
>> > CustomLog /var/log/httpd/gdf/access combined
>> > ErrorLog /var/log/httpd/gdf/error
>> > LogLevel debug
>> >
>> > ProxyRequests Off
>> > ProxyPreserveHost Off
>> > ProxyPass /gdf https://172.20.67.2:8000/gdf
>> > ProxyPassReverse /gdf https://172.20.67.2:8000/gdf
>> >
>> > <Directory />
>> > SSLRequireSSL
>> > AllowOverride none
>> > AuthName "GDF"
>> > AuthType Basic
>> > AuthDigestProvider file
>> > AuthUserFile /etc/httpd/conf/passwd
>> > Require ssl-verify-client
>> > Require valid-user
>> > Require ssl
>> > Satisfy All
>> > </Directory>
>> >
>> > <Location /gdf>
>> > SSLRequireSSL
>> > AuthName "GDF"
>> > AuthType Basic
>> > AuthDigestProvider file
>> > AuthUserFile /etc/httpd/conf/passwd
>> > Require ssl-verify-client
>> > Require valid-user
>> > Require ssl
>> > Satisfy All
>> > </Location>
>> > </VirtualHost>
>>
>> 30 seconds is the length of the default timeout in apache.
>> Unfortunately, that timeout is used in all sorts of cases, so it does
>> not tell us what is timing out.
>>
>> As a rank guess, I would be going for DNS timeout myself. Do you have
>> HostnameLookups set to "On" or "Double", or using host names in ACLs?
>>
>> Cheers
>>
>> Tom
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>> For additional commands, e-mail: users-h...@httpd.apache.org
>>
>>
> We are not doing any hostname ACLs.
>
> Forgive my limited knowledge, I did RTFM before replying to make sure I
> understood
> the intended config and no, we are not doing any.
>
> "HostnameLookups Off"
>
> How come a restart "fixes" the problem?
>
> Thank you.
>
