httpd-docs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject [Bug 61855] New: Using mod_rewrite and mod_proxy does not allow for backend keep-alive
Date Mon, 04 Dec 2017 17:06:48 GMT

            Bug ID: 61855
           Summary: Using mod_rewrite and mod_proxy does not allow for
                    backend keep-alive
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Documentation
  Target Milestone: ---

When using mod_rewrite and mod_proxy together to create a reverse proxy based
on the Host http header, connection reuse is disabled.

Here is a sample configuration:

RewriteEngine On
RewriteRule .* - [E=TARGET:%{HTTP_HOST}]

SSLProxyEngine on
SSLProxyCheckPeerName off
SSLProxyCheckPeerCN off
SSLProxyCACertificatePath /etc/certs/
SSLProxyVerify none

ProxyPass / https://${TARGET}/ retry=0 ttl=5 keepalive=on interpolate
ProxyPassReverse / https://${RARGET}/ interpolate
ProxyPassInterpolateEnv on
ProxyPreserveHost On

It was thought that this would allow connection reuse and lower the CPU usage
due to SSL negotiation not being repeated. However, this doesn't work, and a
new backend connection is created for every request.

I'd like to suggest a documentation update that explicitly calls this out so
future users will learn this information sooner. This update could go in the
following places:

Note the following:

  - The mod_rewrite proxy flag [P] is not being used here
  - The security implication of using the Host header to determine backend
server is known, and is something that is worked around through other means.

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message