httpd-bugs mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 19242] New: - Problem Reverse Proxying HTTPS site
Date Wed, 23 Apr 2003 02:27:38 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19242>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=19242

Problem Reverse Proxying HTTPS site

           Summary: Problem Reverse Proxying HTTPS site
           Product: Apache httpd-2.0
           Version: 2.0.45
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: Critical
          Priority: Other
         Component: mod_proxy
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: ssl198064@hotmail.com


We are currently having an issue where we are reverse proxying an HTTPS site 
using Apache.  Every second request to the site (via the rev proxy) fails with 
a 500 Internal Server Error.  I have done various debugging such as snoops, 
trusses and debug Apache logging.

What seems to happen is the first (successful) request works as expected, 
however when the second request is sent, the SSL session between the client and 
proxy is set up okay, but the SSL connection between the proxy and backend 
server has problems.  Basically it (the proxy) sets up the TCP session okay, 
sends an SSL Client Hello, but then almost straight away sends a FIN.

I then looked at the Apache error log, with full debugging enabled to see why 
the proxy would send a client hello, and then straight away send a FIN.  It 
seems that there is an issue with an SSL BIO being logged.  It says that 0/7 
bytes are being read from the BIO whenever the connection is failing.  However, 
when there is a successful connection it reads 7/7 bytes at this same part of 
the conversation.

I have also done a truss of a successful vs unsuccessful connection.  When 
successful, the httpd process is doing a read, getting an "Err#11 Eagain" 
error, doing a poll, redoing the read, but this time without error.  However on 
an unsuccessful connection, the httpd process does the same initial read, gets 
the same "Err#11 Eagain" error, but does not do the poll or reread.
 
I have verified this exact same behaviour on the following:
Solaris 2.6 with Apache 2.0.44 OpenSSL 0.9.7
Solaris 8 with Apache 2.0.44 OpenSSL 0.9.7 (32bit)
Solaris 8 with Apache 2.0.45 OpenSSL 0.9.7a (32bit)
Solaris 8 with Apache 2.0.45 OpenSSL 0.9.7a (64bit)

I have also tried on both a SunBlade 100 and E450 platform, each with identical 
results.

I have tried both prefork and worker mpms with identical results.

I have found that the only workaround (which is very ugly) is to set the 
MaxRequestsPerChild to 1.  

I have also played with virtually every setting I can think of, particularly 
the SSLMutex and AcceptMutex settings.  Nothing other than the above workaround 
seems to affect this problem.

Any ideas would be greatly appreciated.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
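
The truss difference described in the report above (a non-blocking read that returns EAGAIN and is, or is not, followed by a poll and a second read), as an added C example that is not part of the original message and is not Apache httpd or mod_ssl code. The function names `read_once`, `read_with_poll` and `demo`, the socketpair peer and the 7-byte payload are assumptions constructed for illustration.

```c
/* Added illustration: constructed names and data, not httpd/mod_ssl code. */
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* One non-blocking read with no retry: EAGAIN is reported as 0 bytes read. */
static ssize_t read_once(int fd, char *buf, size_t want) {
    ssize_t n = read(fd, buf, want);
    if (n < 0 && (errno == EAGAIN || errno == EWOULDBLOCK)) return 0;
    return n;
}

/* Same read, but EAGAIN leads to poll() and a re-read until `want` bytes. */
static ssize_t read_with_poll(int fd, char *buf, size_t want, int timeout_ms) {
    size_t got = 0;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n > 0) { got += (size_t)n; continue; }
        if (n == 0) break;                          /* peer closed */
        if (errno == EINTR) continue;
        if (errno != EAGAIN && errno != EWOULDBLOCK) return -1;
        struct pollfd p = { .fd = fd, .events = POLLIN };
        if (poll(&p, 1, timeout_ms) <= 0) break;    /* timeout or error */
    }
    return (ssize_t)got;
}

/* Constructed scenario: the peer sends 7 bytes 100 ms after the first read. */
static int demo(int use_poll) {
    int sv[2]; char buf[7];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    fcntl(sv[0], F_SETFL, fcntl(sv[0], F_GETFL) | O_NONBLOCK);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { poll(NULL, 0, 100); _exit(write(sv[1], "HELLO-7", 7) != 7); }
    ssize_t n = use_poll ? read_with_poll(sv[0], buf, 7, 2000) : read_once(sv[0], buf, 7);
    waitpid(pid, NULL, 0);
    close(sv[0]); close(sv[1]);
    return (int)n;
}

int main(void) {
    printf("no retry:       %d/7 bytes\n", demo(0));
    printf("poll and retry: %d/7 bytes\n", demo(1));
    return 0;
}
```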

