httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Plüm, Rüdiger, VF-Group" <ruediger.pl...@vodafone.com>
Subject RE: Making mod_proxy_http more aware of SSL
Date Thu, 25 Nov 2010 15:34:53 GMT
 

> -----Original Message-----
> From: Daniel Ruggeri 
> Sent: Donnerstag, 25. November 2010 16:20
> To: dev@httpd.apache.org
> Subject: Re: Making mod_proxy_http more aware of SSL
> 
> >
> > The loggers get in error state automatically when you call
> > ap_proxyerror with HTTP_INTERNAL_SERVER_ERROR. No need to 
> do it manually.
> >
> > Regards
> >
> > Rüdiger
> >
> 
> The request goes into error state - that has never been the 
> problem (502 
> is correct here). The real issue is that the proxy worker that served 
> the request does not. In a load balancing situation this 
> means that the 
> backend with broken SSL will stay in service and every other request 
> will send a 502 back to the user (for a 2 node round-robin 
> type of load 
> balancing). If I'm not explaining it well enough, have a look 
> at PR50332 
> for a quick overview to duplicate the issue.
> 
> With this patch, the backend worker is put into error state and is 
> subject to normal recovery attempts. In other words, one 
> request fails 
> and a 502 is returned but subsequent requests are correctly 
> sent to the 
> other backend until the error interval has expired and the 
> first backend 
> is retried. IMO, SSL handshake failures should be detected during 
> connection so we could attempt another backend but I am not 
> sure that's 
> possible.

Hence you should return a 500 as this signals the mod_proxy code that the
backend is broken and should be put in error state.
A 502 does not put the backend in error state (as you found out).

Regards

Rüdiger

Mime
View raw message