httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sander Temme <scte...@apache.org>
Subject [users@httpd] Aggressively timing out proxy connections?
Date Thu, 21 Dec 2006 10:15:30 GMT
All,

I am using 2.2.3 on Windows 2003, running a reverse proxy to IIS 5.0  
on Win2k.  The Win2k box is hiding behind a Symantec firewall.   
Several locations proxied with ProxyPass and ProxyPassReverse to http  
port 80 on the IIS.  None of this is my fault except for the Apache  
configuration.

The symptom is an excessive amount of 502 responses, and the failing  
request seems to never make it to the IIS server (at least not to  
such an extent that it shows up in the IIS log). I have Windump  
running on the Apache box.

It looks like mod_proxy is setting up persistent connections, which  
are dropped by the firewall. The result is an RST from the firewall  
when mod_proxy tried to re-use an open backend connection.

I can mitigate 99% of this behaviour by using keepalive=On in the  
ProxyPass directives, but I'm still getting some drops. One such  
looks in the Ethereal trace like it sat idle for 17 minutes before  
mod_proxy tried to re-use it.

Can I configure the proxy so that it kills back-end connections  
faster than the firewall drops them? How would that work? smax=0  
ttl=60 (or some other value that won't trigger the firewall)?

Or, alternatively, can I turn off connection re-use altogether? I  
don't know that our traffic level needs persistent connections.

Thanks,

Sander

-- 
sctemme@apache.org            http://www.temme.net/sander/
PGP FP: 51B4 8727 466A 0BC3 69F4  B7B8 B2BE BC40 1529 24AF



Mime
View raw message