httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 61855] New: Using mod_rewrite and mod_proxy does not allow for backend keep-alive
Date Mon, 04 Dec 2017 17:06:48 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=61855

            Bug ID: 61855
           Summary: Using mod_rewrite and mod_proxy does not allow for
                    backend keep-alive
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Documentation
          Assignee: docs@httpd.apache.org
          Reporter: dmulford@redhat.com
  Target Milestone: ---

When using mod_rewrite and mod_proxy together to create a reverse proxy based
on the Host http header, connection reuse is disabled.

Here is a sample configuration:

--- SAMPLE CONFIG ---
RewriteEngine On
RewriteRule .* - [E=TARGET:%{HTTP_HOST}]

SSLProxyEngine on
SSLProxyCheckPeerName off
SSLProxyCheckPeerCN off
SSLProxyCACertificatePath /etc/certs/
SSLProxyVerify none

ProxyPass / https://${TARGET}/ retry=0 ttl=5 keepalive=on interpolate
ProxyPassReverse / https://${RARGET}/ interpolate
ProxyPassInterpolateEnv on
ProxyPreserveHost On
--- END SAMPLE CONFIG ---

It was thought that this would allow connection reuse and lower the CPU usage
due to SSL negotiation not being repeated. However, this doesn't work, and a
new backend connection is created for every request.

I'd like to suggest a documentation update that explicitly calls this out so
future users will learn this information sooner. This update could go in the
following places:

  https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html
  https://httpd.apache.org/docs/2.4/mod/mod_proxy.html

Note the following:

  - The mod_rewrite proxy flag [P] is not being used here
  - The security implication of using the Host header to determine backend
server is known, and is something that is worked around through other means.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org


Mime
View raw message