Hi, We are using Apache's SNI<https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI>functionality to host multiple sites in single apache instance [version 2.2.22]. Lets say the domain names we host are www.A.com and www.B.com
We are facing issues due to slow clients. Due to RequestReadTimeout<http://httpd.apache.org/docs/2.2/mod/mod_reqtimeout.html> settings,when a slow client gets timed out before sending headers (which I believe includes domain name) to a target VirtualHost, 408 error is thrown out and client gets error from a different VirtualHost (default) and ends up getting certificate error. I simulated this using slowhttptest tool and when I send slow requests to www.B.com, 408 errors were getting logged in default VirtualHosts log file of www.A.com (actual data has been changed for privacy) /opt/bin/slowhttptest -c 2 -i 100 -v 4 -u https://www.B.com/test.html Fri Mar 14 20:22:15 2014:closing slow socket 3 Fri Mar 14 20:22:16 2014:run_test: socket 4 replied 194 bytes: HTTP/1.1 408 Request Time-out Date: Fri, 14 Mar 2014 14:52:03 GMT Server: Apache Vary: Accept-Encoding Content-Length: 223 Connection: close Content-Type: text/html; charset=iso-8859-1 Fri Mar 14 20:22:16 2014:run_test: socket 4 replied 223 bytes: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>408 Request Time-out</title> </head><body> <h1>Request Time-out</h1> <p>Server timeout waiting for the HTTP request from the client.</p> </body></html> www.A.com logs /var/log/apache2$ ls *-access.log|grep test.html www.A.com-access.log:10.10.10.10 - - [14/Mar/2014:20:22:03 +0530] "GET /test.html HTTP/1.1" 408 223 11402764 0 "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2)" 761 5512 - - - - - 10.10.10.10 More than logging at server, this is affecting the client as browser throws a certificate warning saying something on the lines of "You attempted to reach www.B.com but instead you actually reached a server identifying itself as www.A.com" Pls let us know how we can ensure certificate error doesn't show up when using SNI and header-level request timeout happens. Thanks Anantha