httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fran Boon <>
Subject Re: [users@httpd] proxy:ajp 'client denied by server configuration' when too many simultaneous requests happen
Date Fri, 18 Feb 2011 22:01:16 GMT
2011/2/18 Igor Galić <>:
> ----- Original Message -----
>> httpd error log:
>> client denied by server configuration:
>> proxy:ajp://localhost:8009/geoserver/gwc/service/wms
>> This happens under 'high' load only (pages usually display
> How high? Are we talking high demand, or high CPU?

Concurrent requests.
If I fire off 10 requests, then say the 1st 4 respond OK, & then the
following 6 fail with the 403 'Forbidden'
There is 2Gb RAM on the server, of which more than 1/2 is still free
(no swap used) so I don't believe is's load per se.
(Load average stays low)

>> fine...there's no specific bad URL here).
> Interesting.. usually this is caused by configuration mistakes:

Yeah, thumbs pointed me to that doc, which is a nice summary of the
on/off cases, but doesn't help with this concurrency issue...

>> httpd snippet:
>> ProxyPreserveHost on
>> RewriteRule ^/geoserver/(.*)$ ajp://localhost:8009/geoserver/$1 [P]
>> ProxyPassReverse /geoserver ajp://localhost:8009/geoserver/
> Why are you doing that? It doesn't make *any* sense.
> Why not use
> ProxyPass /geoserver/ ajp://localhost:8009/geoserver/
> ProxyPassReverse /geoserver ajp://localhost:8009/geoserver/
> See:
> And:
> Please change it accordingly, and see report back whether
> it's still happening or not.

ok, I'm using rewrite for other things so am in the habit of it, but
yes, it provides no especial gain here.
I tried disabling it - didn't seem to make much odds.
What I am finding luck with is:
disablereuse On

This is easier to apply using the ProxyPass syntax (no need for the
ProxySet method)

>> Happens even with 'Allow from all' in proxy.conf (in fact nothing in
>> that file makes any difference, presumably as it only affects Forward
>> proxies.
> You should probably delete that file.
> Or see:

No love lost, I see ;)
Luckily the file is easily ignored for me :)

>> Back-end is GeoServer in Tomcat 6 (exactly same thing happened with
>> 5.5) on Debian Squeeze 64-bit & current Sun JVM.
>> Nothing in the logs at the back-end, though, seems to be a problem
>> with the Connector.
>> Same thing whether or not using the 'APR based Apache Tomcat Native
>> library 1.1.20' or not.
>> I tried putting in a connectionTimeout into server.xml, but it makes
>> no difference:
>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
>> connectionTimeout="60000" />
>> Only web posts I've seen are the on/off conditions rather than
>> erratic ones.
>> Many thanks, for any suggestions :)

> If all else fails, try using the HTTP connector.

Yup, that's worth a try if I can't fix AJP ;)

Thanks a lot,

>> Fran.
> --
> Igor Galić
> Tel: +43 (0) 664 886 22 883
> Mail:
> URL:

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message