httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Ruggeri <DRugg...@primary.net>
Subject Re: Making mod_proxy_http more aware of SSL
Date Thu, 25 Nov 2010 15:19:35 GMT
>
> The loggers get in error state automatically when you call
> ap_proxyerror with HTTP_INTERNAL_SERVER_ERROR. No need to do it manually.
>
> Regards
>
> RĂ¼diger
>

The request goes into error state - that has never been the problem (502 
is correct here). The real issue is that the proxy worker that served 
the request does not. In a load balancing situation this means that the 
backend with broken SSL will stay in service and every other request 
will send a 502 back to the user (for a 2 node round-robin type of load 
balancing). If I'm not explaining it well enough, have a look at PR50332 
for a quick overview to duplicate the issue.

With this patch, the backend worker is put into error state and is 
subject to normal recovery attempts. In other words, one request fails 
and a 502 is returned but subsequent requests are correctly sent to the 
other backend until the error interval has expired and the first backend 
is retried. IMO, SSL handshake failures should be detected during 
connection so we could attempt another backend but I am not sure that's 
possible.

--
Daniel Ruggeri


Mime
View raw message