httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matthew Turany <>
Subject [users@httpd] Allow From directive causing slow performance for proxy
Date Mon, 23 Dec 2013 05:24:55 GMT

Not sure if this could be considered a bug but here goes.

OS:  Oracle Linux 6.4
Apache:  2.2.15

Apache being used as a reverse-proxy sitting in front of multiple web

We are currently using the Allow From directive to restrict access by IP
Address to virtual hosts. Each virtual host 'client'  has their own
"access.conf" file which then lists the one or more IP's, this list of IP's
is usually around two maybe three but sometimes up to ten or more, at the
extreme end is the 'acme' customer e.g.;

# Acme PRODUCTION site
<Location /acme/>
AuthName Acme Corp
AuthType Basic
AuthUserFile /abc/http_pass/acme_auth
# comment 1
# comment 2
Require valid-user
Order Allow,Deny
Allow from # Site 1
Allow from # Site 2
Allow from # Site 3
Allow from # Site 4
Allow from # Site 32

Reports started coming in stating slow access speeds from certain networks
(IP's), this performance drop was from 2-3 seconds to display page, to 3 -
5 mins. Troubleshooting the issue revealed that if the slow performing
sites IP address was moved to the top of the list (in the example above -
move Site 32 to the line above Site 1), access speed performance would
return to normal, however someone else in the list would eventually report
the same issue. This problem has also appeared with sites that have a much
shorter list of say ten or fifteen.

If we remove or comment out all of the IP's and simply do a "Allow all"
performance returns to normal.

We have made sure no DNS lookups are in place or being made.

I've searched the mail list archives and have found two identical reports,
unfortunately neither of them appears to have been solved, and they are
from a few years ago as well. Shortening the list is not an option at the

Any help or assistance would be greatly appreciated.


View raw message