httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From d.j.po...@bcs.org.uk
Subject Re: [users@httpd] RE : Apache/mod_ssl/IE problem
Date Tue, 02 Nov 2004 12:07:19 GMT
Hi,

Thanks for your reply.

We have the following BrowserMatch directives in our httpd.conf:

    <IfModule mod_setenvif.c>
        BrowserMatch "Mozilla/2" nokeepalive
        BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
        BrowserMatch "RealPlayer 4\.0" force-response-1.0
        BrowserMatch "Java/1\.0" force-response-1.0
        BrowserMatch "JDK/1\.0" force-response-1.0
    </IfModule>

We also have the following:

    SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

Reading up on some other postings, I also think the following settings are of
interest:

    SSLSessionCache        shmcb:/usr/app/apache/logs/ssl_scache(512000)
    SSLSessionCacheTimeout  300

According the Apache: The Definitive Guide, "BrowserMatch" and "SetEnvIf
User-Agent" do the same thing.

Despite these we are still seeing the server hanging.  Anyone else seen this?

Cheers,

Dave..



Quoting Axel-Stéphane  SMORGRAV <Axel-Stephane.SMORGRAV@europe.adp.com>:

> Just a shot in the dark.
>
> Try to add this to your configuration if you haven't already. Make sure you
> have mod_setenvif loaded.
>
>    BrowserMatch "MSIE" nokeepalive downgrade-1.0 force-response-1.0
>
> -ascs
>
> -----Message d'origine-----
> De : d.j.potts@bcs.org.uk [mailto:d.j.potts@bcs.org.uk]
> Envoyé : lundi 1 novembre 2004 17:57
> À : users@httpd.apache.org
> Objet : [users@httpd] Apache/mod_ssl/IE problem
>
>
> Hello,
>
> We have a problem with apache with the following symptoms
>
> - the number of apache processes hits MaxClients
> - the CPU on the box isn't doing much when we hit the max number of apache
> processes
> - sometimes apache recovers after about 5 minutes and we reduce to a more
> typical number of processes
> - other times apache has totally locked up an required a restart
>
> We see no pattern as to when this is occuring. It has occurred during quiet
> periods and during periods of heavy load.
>
> We have upped the MaxClients to 256, but we hit that level too.
>
> All our users connect over SSL.
>
> We have seen the following articles on the Microsoft site that makes us think
> that this could because of broken version of IE in our user community.
> However, we don't know from the articles the exact combination of OS and IE
> that would cause the problems and therefore haven't been able to recreate in
> a test environment.
>
> http://support.microsoft.com/default.aspx?kbid=305217
> http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx
>
>
> We also get the following error in the SSL error log:
>
> [Tue Oct 26 06:43:04 2004] [error] mod_ssl: SSL handshake interrupted by
> system
> [Hint: Stop button pressed in browser?!] (System error follows) [Tue Oct 26
> 06:43:04 2004] [error] System: Connection timed out (errno: 145)
>
> We see this quite a lot during normal operation. However, during the periods
> were we hit the MaxClient processes, we see the number of these errors
> increase by an order of magnitude.
>
> Has anyone else seen similar problems and if so, what was their solution? If
> this is the problem described on the MS site, what version of Windows and IE
> do we need to recreate? Are there any server side only solutions?
>
> We are running on Solaris with apache 1.2.26 and mod_ssl 2.8.10 using a Sun
> Crypto 1 SSL accelerator card.
>
> Any help greatly apprecicated.
>
> Cheers,
>
> Dave.
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info. To
> unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message