httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plüm, Rüdiger, VF-Group" <>
Subject RE: OS Keep-alive on forward proxy
Date Thu, 05 Aug 2010 09:33:04 GMT

> -----Original Message-----
> From: Paul Fee 
> Sent: Donnerstag, 5. August 2010 11:18
> To:
> Subject: Re: OS Keep-alive on forward proxy
> Rainer Jung wrote:
> <snip>
> > And yes: the forward proxy does *not* do HTTP Keepalive. Technical
> > reason: the connections to the origin server are pooled and 
> retrieved
> > from and returned to the pool for each request. A forward 
> proxy usually
> > talks to many diferent origin servers. Keeping those 
> connections open in
> > a naive way would lead to a lot of not well used pools. 
> Assuming that
> > during one client connection the origin server often is used for
> > multiple requests this could be improved, but would bloat 
> the already
> > complicated proxy code even more.
> Has mod_proxy operated in that way for a while now?  I gained 

Since 2.2.

> most of my 
> experience with mod_proxy using Apache 2.0.X.  My 
> understanding was that 
> proxy to OS connections were tightly coupled to the client to proxy 

That was true in 2.0.x yes.

> connection.  There was a deliberate decision not to reuse proxy->OS 
> connections for requests coming from other client->proxy 
> connections as this 
> may be a security risk.
> The OS may attribute authorization to a connection and a 
> subsequent request 
> on this persistent connection could inherit these attributes. 
>  Each HTTP 
> request *should* be stateless and hence the next request on 
> the same socket 
> should be independent, but there was the risk that a remote 
> (non-Apache) 
> origin server may not work that way.  If the proxy->OS 
> connection is pooled 
> and reused by a different client->proxy request, does that 
> risk confusing an 
> origin server that expects all requests on the same 
> connection to come from 
> the same client?

It would be a bug in this server to expect them to origin from the
same client as you correctly state that HTTP is a stateless protocol.
Nevertheless you can turn off connection pooling in the case you
are dealing with a faulty origin server.



View raw message