httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Fee <p...@talk21.com>
Subject RE: OS Keep-alive on forward proxy
Date Thu, 05 Aug 2010 15:31:37 GMT
"Plüm, Rüdiger, VF-Group" wrote:

>  
> 
>> -----Original Message-----
>> From: Paul Fee
>> Sent: Donnerstag, 5. August 2010 11:18
>> To: dev@httpd.apache.org
>> Subject: Re: OS Keep-alive on forward proxy
>> 
>> Rainer Jung wrote:
>> 
>> <snip>
>> 
>> > And yes: the forward proxy does *not* do HTTP Keepalive. Technical
>> > reason: the connections to the origin server are pooled and
>> retrieved
>> > from and returned to the pool for each request. A forward
>> proxy usually
>> > talks to many diferent origin servers. Keeping those
>> connections open in
>> > a naive way would lead to a lot of not well used pools.
>> Assuming that
>> > during one client connection the origin server often is used for
>> > multiple requests this could be improved, but would bloat
>> the already
>> > complicated proxy code even more.
>> 
>> Has mod_proxy operated in that way for a while now?  I gained
> 
> Since 2.2.
> 
>> most of my
>> experience with mod_proxy using Apache 2.0.X.  My
>> understanding was that
>> proxy to OS connections were tightly coupled to the client to proxy
> 
> That was true in 2.0.x yes.
> 
>> connection.  There was a deliberate decision not to reuse proxy->OS
>> connections for requests coming from other client->proxy
>> connections as this
>> may be a security risk.
>> 
>> The OS may attribute authorization to a connection and a
>> subsequent request
>> on this persistent connection could inherit these attributes.
>>  Each HTTP
>> request *should* be stateless and hence the next request on
>> the same socket
>> should be independent, but there was the risk that a remote
>> (non-Apache)
>> origin server may not work that way.  If the proxy->OS
>> connection is pooled
>> and reused by a different client->proxy request, does that
>> risk confusing an
>> origin server that expects all requests on the same
>> connection to come from
>> the same client?
> 
> It would be a bug in this server to expect them to origin from the
> same client as you correctly state that HTTP is a stateless protocol.
> Nevertheless you can turn off connection pooling in the case you
> are dealing with a faulty origin server.
> 
> Regards
> 
> Rüdiger

That's useful information, it's not mentioned in the overview of new 
features in 2.2 and I missed it in the detailed changelog.  Thanks for 
correcting my misunderstanding.

Regarding disabling connection pooling, I looked at the source and see two 
ways to achieve this:

1) The "disablereuse" parameter of the ProxyPass directive.
2) The "proxy-initial-not-pooled" Apache environment variable set on a per-
request basis.

Both these relate to reverse proxy requests.

Does connection pooling apply to forward proxy requests?  If so, are there 
configuration options to control it?

Would disabling connection pooling fix the defect that Ryujiro Shibuya 
reported (with the penalty of losing the performance gains for pooling)?

Thanks,
Paul

Mime
View raw message