You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Fran Boon <fr...@gmail.com> on 2011/02/18 13:41:10 UTC
[users@httpd] proxy:ajp 'client denied by server configuration' when too many
simultaneous requests happen
httpd error log:
client denied by server configuration:
proxy:ajp://localhost:8009/geoserver/gwc/service/wms
This happens under 'high' load only (pages usually display
fine...there's no specific bad URL here).
httpd snippet:
ProxyPreserveHost on
RewriteRule ^/geoserver/(.*)$ ajp://localhost:8009/geoserver/$1 [P]
ProxyPassReverse /geoserver ajp://localhost:8009/geoserver/
<LocationMatch "^(/[\w_]*/geoserver/.*)">
Order Allow,Deny
Allow from all
</LocationMatch>
I have tried this without any apparent difference:
<Proxy ajp://localhost:8009>
ProxySet keepalive=On timeout=15 ttl=60
</Proxy>
Happens even with 'Allow from all' in proxy.conf (in fact nothing in
that file makes any difference, presumably as it only affects Forward
proxies.
Back-end is GeoServer in Tomcat 6 (exactly same thing happened with
5.5) on Debian Squeeze 64-bit & current Sun JVM.
Nothing in the logs at the back-end, though, seems to be a problem
with the Connector.
Same thing whether or not using the 'APR based Apache Tomcat Native
library 1.1.20' or not.
I tried putting in a connectionTimeout into server.xml, but it makes
no difference:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
connectionTimeout="60000" />
Only web posts I've seen are the on/off conditions rather than erratic ones.
Many thanks, for any suggestions :)
Fran.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: proxy:ajp 'client denied by server configuration' when too many
simultaneous requests happen
Posted by Filip Hanik - Dev Lists <de...@hanik.com>.
On 02/18/2011 02:42 PM, Fran Boon wrote:
> On 18 February 2011 20:19, Filip Hanik - Dev Lists<de...@hanik.com> wrote:
>
>> Simplest to try first is the disablereuse flag
>> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
>> disablereuse On
>> and if that solves the problem, you know that the problem with not enough
>> threads on tomcat.
>> (Could be from stale connections that are still holding a thread)
>>
> Awesome - that makes it at least 10x more reliable!
> Still not perfect, but a massive improvement.
>
Yes, it is also useful if you have more web servers than you have
application servers.
> Any more suggestions on what I can do to clear the last errors&
> generally how to approach this configuration?
>
What errors? I'm not sure what you are referring too here?
Since you've made changes to your environment, you may want to post more
detail on what is going on now.
> (Apache& Tomcat on the same physical server. Load isn't terribly high
> right now, but I'd like it to be able to scale. There is 2Gb RAM
> available (although this is shared with PostgreSQL which is tuned to
> think it has 1024 available for it)
>
If they are on the same servers, I would leave the "disablereuse On" as
the cost of a connection establishment is not as high as it would be
over a network.
Plan to scale out, meaning, as one box gets high in utilization, you
should be able to add another box with another httpd/tomcat combo to
balance your load.
It requires some sort of load balancer in front of your web servers.
(for software, I would look into http://haproxy.1wt.eu/)
If your database gets saturated, you may want to look into data caching
solutions, to lower the number of trips to the database. there are
plenty of such solutions out there. In the extreme case, you'd get rid
of the database and move to a distributed NoSQL solution.
best
Filip
> Many thanks :)
> Fran.
>
>
>> Filip
>>
>> On 02/18/2011 12:24 PM, Fran Boon wrote:
>>
>>> httpd error log:
>>> client denied by server configuration:
>>> proxy:ajp://localhost:8009/geoserver/gwc/service/wms
>>>
>>> This happens under 'high' load only: 1st few requests of a batch are
>>> answered but then they start dying - there are no bad URLs here.
>>>
>>> httpd snippet:
>>> ProxyPreserveHost on
>>> RewriteRule ^/geoserver/(.*)$ ajp://localhost:8009/geoserver/$1 [P]
>>> ProxyPassReverse /geoserver ajp://localhost:8009/geoserver/
>>>
>>> <LocationMatch "^(/[\w_]*/geoserver/.*)">
>>> Order Allow,Deny
>>> Allow from all
>>> </LocationMatch>
>>>
>>> I have tried these configuration options without any apparent difference:
>>> <Proxy ajp://localhost:8009>
>>> ProxySet keepalive=On timeout=15 ttl=60
>>> </Proxy>
>>>
>>> Happens even with 'Allow from all' in proxy.conf (in fact nothing in
>>> that file makes any difference, presumably as it only affects Forward
>>> proxies.
>>>
>>> I have tried with both the default prefork MPM& also the worker MPM.
>>>
>>> Back-end is GeoServer in Tomcat 6 (exactly same thing happened with
>>> 5.5) on Debian Squeeze 64-bit& current Sun JVM.
>>> Nothing in the logs at the back-end, though, seems to be a problem
>>> with the Connector.
>>> Same thing whether or not using the 'APR based Apache Tomcat Native
>>> library 1.1.20' or not.
>>> I tried putting in a connectionTimeout into server.xml, but it makes
>>> no difference:
>>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
>>> connectionTimeout="60000" />
>>>
>>> Same with setting the minSpareThreads="32" maxThreads="256"
>>> to match those in apache.conf
>>> <IfModule mpm_worker_module>
>>> StartServers 2
>>> MaxClients 256
>>> MinSpareThreads 32
>>> MaxSpareThreads 128
>>> ThreadsPerChild 32
>>> MaxRequestsPerChild 1024
>>> </IfModule>
>>>
>>> None of these tuning options seem to make much difference.
>>>
>>> Only web posts I've seen are the on/off conditions rather than erratic
>>> ones.
>>>
>>> Many thanks, for any suggestions :)
>>>
>>> Fran.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>>
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: proxy:ajp 'client denied by server configuration' when too many
simultaneous requests happen
Posted by André Warnier <aw...@ice-sa.com>.
Fran Boon wrote:
...
> ... but I'd like it to be able to scale. There is 2Gb RAM ..
These 2 phrases are a contradiction in terms.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: proxy:ajp 'client denied by server configuration' when too many
simultaneous requests happen
Posted by Fran Boon <fr...@gmail.com>.
On 18 February 2011 21:42, Fran Boon <fr...@gmail.com> wrote:
> On 18 February 2011 20:19, Filip Hanik - Dev Lists <de...@hanik.com> wrote:
>> Simplest to try first is the disablereuse flag
>> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
>> disablereuse On
>> and if that solves the problem, you know that the problem with not enough
>> threads on tomcat.
>> (Could be from stale connections that are still holding a thread)
> Awesome - that makes it at least 10x more reliable!
> Still not perfect, but a massive improvement.
Actually this seems to have been a relatively temporary improvement.
However I have found the underlying cause!
mod_evasive had been installed to protect against DoS attacks & it
seems that this is what gives the error with too many simultaneous
requests!
Removing this & all works reliably - big phew!
> Any more suggestions on what I can do to clear the last errors &
> generally how to approach this configuration?
> (Apache & Tomcat on the same physical server. Load isn't terribly high
> right now, but I'd like it to be able to scale. There is 2Gb RAM
> available (although this is shared with PostgreSQL which is tuned to
> think it has 1024 available for it)
This would still be welcomed - I've got to the stage of realising the
wealth of options available to me, but still not sure exactly what I
should do ;)
I guess trial & error is the best bet & since my load levels are so
low, it's quite likely that default configs should be fine.
Since I'm only running a single Tomcat, there's no big reason to run
Worker MPM, is there?
Many thanks,
Fran.
>> Filip
>>
>> On 02/18/2011 12:24 PM, Fran Boon wrote:
>>>
>>> httpd error log:
>>> client denied by server configuration:
>>> proxy:ajp://localhost:8009/geoserver/gwc/service/wms
>>>
>>> This happens under 'high' load only: 1st few requests of a batch are
>>> answered but then they start dying - there are no bad URLs here.
>>>
>>> httpd snippet:
>>> ProxyPreserveHost on
>>> RewriteRule ^/geoserver/(.*)$ ajp://localhost:8009/geoserver/$1 [P]
>>> ProxyPassReverse /geoserver ajp://localhost:8009/geoserver/
>>>
>>> <LocationMatch "^(/[\w_]*/geoserver/.*)">
>>> Order Allow,Deny
>>> Allow from all
>>> </LocationMatch>
>>>
>>> I have tried these configuration options without any apparent difference:
>>> <Proxy ajp://localhost:8009>
>>> ProxySet keepalive=On timeout=15 ttl=60
>>> </Proxy>
>>>
>>> Happens even with 'Allow from all' in proxy.conf (in fact nothing in
>>> that file makes any difference, presumably as it only affects Forward
>>> proxies.
>>>
>>> I have tried with both the default prefork MPM& also the worker MPM.
>>>
>>> Back-end is GeoServer in Tomcat 6 (exactly same thing happened with
>>> 5.5) on Debian Squeeze 64-bit& current Sun JVM.
>>> Nothing in the logs at the back-end, though, seems to be a problem
>>> with the Connector.
>>> Same thing whether or not using the 'APR based Apache Tomcat Native
>>> library 1.1.20' or not.
>>> I tried putting in a connectionTimeout into server.xml, but it makes
>>> no difference:
>>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
>>> connectionTimeout="60000" />
>>>
>>> Same with setting the minSpareThreads="32" maxThreads="256"
>>> to match those in apache.conf
>>> <IfModule mpm_worker_module>
>>> StartServers 2
>>> MaxClients 256
>>> MinSpareThreads 32
>>> MaxSpareThreads 128
>>> ThreadsPerChild 32
>>> MaxRequestsPerChild 1024
>>> </IfModule>
>>>
>>> None of these tuning options seem to make much difference.
>>>
>>> Only web posts I've seen are the on/off conditions rather than erratic
>>> ones.
>>>
>>> Many thanks, for any suggestions :)
>>>
>>> Fran.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>>>
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: proxy:ajp 'client denied by server configuration' when too many
simultaneous requests happen
Posted by Fran Boon <fr...@gmail.com>.
On 18 February 2011 20:19, Filip Hanik - Dev Lists <de...@hanik.com> wrote:
> Simplest to try first is the disablereuse flag
> http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
> disablereuse On
> and if that solves the problem, you know that the problem with not enough
> threads on tomcat.
> (Could be from stale connections that are still holding a thread)
Awesome - that makes it at least 10x more reliable!
Still not perfect, but a massive improvement.
Any more suggestions on what I can do to clear the last errors &
generally how to approach this configuration?
(Apache & Tomcat on the same physical server. Load isn't terribly high
right now, but I'd like it to be able to scale. There is 2Gb RAM
available (although this is shared with PostgreSQL which is tuned to
think it has 1024 available for it)
Many thanks :)
Fran.
> Filip
>
> On 02/18/2011 12:24 PM, Fran Boon wrote:
>>
>> httpd error log:
>> client denied by server configuration:
>> proxy:ajp://localhost:8009/geoserver/gwc/service/wms
>>
>> This happens under 'high' load only: 1st few requests of a batch are
>> answered but then they start dying - there are no bad URLs here.
>>
>> httpd snippet:
>> ProxyPreserveHost on
>> RewriteRule ^/geoserver/(.*)$ ajp://localhost:8009/geoserver/$1 [P]
>> ProxyPassReverse /geoserver ajp://localhost:8009/geoserver/
>>
>> <LocationMatch "^(/[\w_]*/geoserver/.*)">
>> Order Allow,Deny
>> Allow from all
>> </LocationMatch>
>>
>> I have tried these configuration options without any apparent difference:
>> <Proxy ajp://localhost:8009>
>> ProxySet keepalive=On timeout=15 ttl=60
>> </Proxy>
>>
>> Happens even with 'Allow from all' in proxy.conf (in fact nothing in
>> that file makes any difference, presumably as it only affects Forward
>> proxies.
>>
>> I have tried with both the default prefork MPM& also the worker MPM.
>>
>> Back-end is GeoServer in Tomcat 6 (exactly same thing happened with
>> 5.5) on Debian Squeeze 64-bit& current Sun JVM.
>> Nothing in the logs at the back-end, though, seems to be a problem
>> with the Connector.
>> Same thing whether or not using the 'APR based Apache Tomcat Native
>> library 1.1.20' or not.
>> I tried putting in a connectionTimeout into server.xml, but it makes
>> no difference:
>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
>> connectionTimeout="60000" />
>>
>> Same with setting the minSpareThreads="32" maxThreads="256"
>> to match those in apache.conf
>> <IfModule mpm_worker_module>
>> StartServers 2
>> MaxClients 256
>> MinSpareThreads 32
>> MaxSpareThreads 128
>> ThreadsPerChild 32
>> MaxRequestsPerChild 1024
>> </IfModule>
>>
>> None of these tuning options seem to make much difference.
>>
>> Only web posts I've seen are the on/off conditions rather than erratic
>> ones.
>>
>> Many thanks, for any suggestions :)
>>
>> Fran.
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>> For additional commands, e-mail: users-help@tomcat.apache.org
>>
>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: proxy:ajp 'client denied by server configuration' when too many
simultaneous requests happen
Posted by Filip Hanik - Dev Lists <de...@hanik.com>.
Simplest to try first is the disablereuse flag
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
disablereuse On
and if that solves the problem, you know that the problem with not
enough threads on tomcat.
(Could be from stale connections that are still holding a thread)
Filip
On 02/18/2011 12:24 PM, Fran Boon wrote:
> httpd error log:
> client denied by server configuration:
> proxy:ajp://localhost:8009/geoserver/gwc/service/wms
>
> This happens under 'high' load only: 1st few requests of a batch are
> answered but then they start dying - there are no bad URLs here.
>
> httpd snippet:
> ProxyPreserveHost on
> RewriteRule ^/geoserver/(.*)$ ajp://localhost:8009/geoserver/$1 [P]
> ProxyPassReverse /geoserver ajp://localhost:8009/geoserver/
>
> <LocationMatch "^(/[\w_]*/geoserver/.*)">
> Order Allow,Deny
> Allow from all
> </LocationMatch>
>
> I have tried these configuration options without any apparent difference:
> <Proxy ajp://localhost:8009>
> ProxySet keepalive=On timeout=15 ttl=60
> </Proxy>
>
> Happens even with 'Allow from all' in proxy.conf (in fact nothing in
> that file makes any difference, presumably as it only affects Forward
> proxies.
>
> I have tried with both the default prefork MPM& also the worker MPM.
>
> Back-end is GeoServer in Tomcat 6 (exactly same thing happened with
> 5.5) on Debian Squeeze 64-bit& current Sun JVM.
> Nothing in the logs at the back-end, though, seems to be a problem
> with the Connector.
> Same thing whether or not using the 'APR based Apache Tomcat Native
> library 1.1.20' or not.
> I tried putting in a connectionTimeout into server.xml, but it makes
> no difference:
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
> connectionTimeout="60000" />
>
> Same with setting the minSpareThreads="32" maxThreads="256"
> to match those in apache.conf
> <IfModule mpm_worker_module>
> StartServers 2
> MaxClients 256
> MinSpareThreads 32
> MaxSpareThreads 128
> ThreadsPerChild 32
> MaxRequestsPerChild 1024
> </IfModule>
>
> None of these tuning options seem to make much difference.
>
> Only web posts I've seen are the on/off conditions rather than erratic ones.
>
> Many thanks, for any suggestions :)
>
> Fran.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
proxy:ajp 'client denied by server configuration' when too many
simultaneous requests happen
Posted by Fran Boon <fr...@gmail.com>.
httpd error log:
client denied by server configuration:
proxy:ajp://localhost:8009/geoserver/gwc/service/wms
This happens under 'high' load only: 1st few requests of a batch are
answered but then they start dying - there are no bad URLs here.
httpd snippet:
ProxyPreserveHost on
RewriteRule ^/geoserver/(.*)$ ajp://localhost:8009/geoserver/$1 [P]
ProxyPassReverse /geoserver ajp://localhost:8009/geoserver/
<LocationMatch "^(/[\w_]*/geoserver/.*)">
Order Allow,Deny
Allow from all
</LocationMatch>
I have tried these configuration options without any apparent difference:
<Proxy ajp://localhost:8009>
ProxySet keepalive=On timeout=15 ttl=60
</Proxy>
Happens even with 'Allow from all' in proxy.conf (in fact nothing in
that file makes any difference, presumably as it only affects Forward
proxies.
I have tried with both the default prefork MPM & also the worker MPM.
Back-end is GeoServer in Tomcat 6 (exactly same thing happened with
5.5) on Debian Squeeze 64-bit & current Sun JVM.
Nothing in the logs at the back-end, though, seems to be a problem
with the Connector.
Same thing whether or not using the 'APR based Apache Tomcat Native
library 1.1.20' or not.
I tried putting in a connectionTimeout into server.xml, but it makes
no difference:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
connectionTimeout="60000" />
Same with setting the minSpareThreads="32" maxThreads="256"
to match those in apache.conf
<IfModule mpm_worker_module>
StartServers 2
MaxClients 256
MinSpareThreads 32
MaxSpareThreads 128
ThreadsPerChild 32
MaxRequestsPerChild 1024
</IfModule>
None of these tuning options seem to make much difference.
Only web posts I've seen are the on/off conditions rather than erratic ones.
Many thanks, for any suggestions :)
Fran.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: [users@httpd] proxy:ajp 'client denied by server configuration'
when too many simultaneous requests happen
Posted by Fran Boon <fr...@gmail.com>.
On 18 February 2011 22:04, Eric Covener <co...@gmail.com> wrote:
> On Fri, Feb 18, 2011 at 5:01 PM, Fran Boon <fr...@gmail.com> wrote:
>> 2011/2/18 Igor Galić <i....@brainsware.org>:
>>> ----- Original Message -----
>>>> httpd error log:
>>>> client denied by server configuration:
>>>> proxy:ajp://localhost:8009/geoserver/gwc/service/wms
>>>> This happens under 'high' load only (pages usually display
>>> How high? Are we talking high demand, or high CPU?
>> Concurrent requests.
>> If I fire off 10 requests, then say the 1st 4 respond OK, & then the
>> following 6 fail with the 403 'Forbidden'
> Running third-party modules that limit these things?
Good catch!
Seems like it was mod_evasive which was causing the problems - had
been installed by a colleague to secure against DoS attacks, but
inevitably gives problems with legitimate traffic trying to make
simultaneous requests.
Explains exactly both why it was so erratic in behaviour & why I
couldn't see other people having these problems!
/me crawls into a hole in shame...
Many thanks for your help - makes a world of difference :)
Fran.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] proxy:ajp 'client denied by server configuration'
when too many simultaneous requests happen
Posted by Eric Covener <co...@gmail.com>.
On Fri, Feb 18, 2011 at 5:01 PM, Fran Boon <fr...@gmail.com> wrote:
> 2011/2/18 Igor Galić <i....@brainsware.org>:
>> ----- Original Message -----
>>> httpd error log:
>>> client denied by server configuration:
>>> proxy:ajp://localhost:8009/geoserver/gwc/service/wms
>>> This happens under 'high' load only (pages usually display
>> How high? Are we talking high demand, or high CPU?
>
> Concurrent requests.
> If I fire off 10 requests, then say the 1st 4 respond OK, & then the
> following 6 fail with the 403 'Forbidden'
Running third-party modules that limit these things?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] proxy:ajp 'client denied by server configuration'
when too many simultaneous requests happen
Posted by Fran Boon <fr...@gmail.com>.
2011/2/18 Igor Galić <i....@brainsware.org>:
> ----- Original Message -----
>> httpd error log:
>> client denied by server configuration:
>> proxy:ajp://localhost:8009/geoserver/gwc/service/wms
>> This happens under 'high' load only (pages usually display
> How high? Are we talking high demand, or high CPU?
Concurrent requests.
If I fire off 10 requests, then say the 1st 4 respond OK, & then the
following 6 fail with the 403 'Forbidden'
There is 2Gb RAM on the server, of which more than 1/2 is still free
(no swap used) so I don't believe is's load per se.
(Load average stays low)
>> fine...there's no specific bad URL here).
> Interesting.. usually this is caused by configuration mistakes:
> http://wiki.apache.org/httpd/ClientDeniedByServerConfiguration
Yeah, thumbs pointed me to that doc, which is a nice summary of the
on/off cases, but doesn't help with this concurrency issue...
>> httpd snippet:
>> ProxyPreserveHost on
>> RewriteRule ^/geoserver/(.*)$ ajp://localhost:8009/geoserver/$1 [P]
>> ProxyPassReverse /geoserver ajp://localhost:8009/geoserver/
> Why are you doing that? It doesn't make *any* sense.
> Why not use
> ProxyPass /geoserver/ ajp://localhost:8009/geoserver/
> ProxyPassReverse /geoserver ajp://localhost:8009/geoserver/
> See: http://wiki.apache.org/httpd/WhenNotToUseRewrite
> And: http://www.apachetutor.org/admin/reverseproxies
> Please change it accordingly, and see report back whether
> it's still happening or not.
ok, I'm using rewrite for other things so am in the habit of it, but
yes, it provides no especial gain here.
I tried disabling it - didn't seem to make much odds.
What I am finding luck with is:
disablereuse On
This is easier to apply using the ProxyPass syntax (no need for the
ProxySet method)
>> Happens even with 'Allow from all' in proxy.conf (in fact nothing in
>> that file makes any difference, presumably as it only affects Forward
>> proxies.
> You should probably delete that file.
> Or see:
> http://wiki.apache.org/httpd/DebianDeb0rkification
No love lost, I see ;)
Luckily the file is easily ignored for me :)
>> Back-end is GeoServer in Tomcat 6 (exactly same thing happened with
>> 5.5) on Debian Squeeze 64-bit & current Sun JVM.
>> Nothing in the logs at the back-end, though, seems to be a problem
>> with the Connector.
>> Same thing whether or not using the 'APR based Apache Tomcat Native
>> library 1.1.20' or not.
>> I tried putting in a connectionTimeout into server.xml, but it makes
>> no difference:
>> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
>> connectionTimeout="60000" />
>> Only web posts I've seen are the on/off conditions rather than
>> erratic ones.
>> Many thanks, for any suggestions :)
> If all else fails, try using the HTTP connector.
Yup, that's worth a try if I can't fix AJP ;)
Thanks a lot,
Fran.
>> Fran.
> --
> Igor Galić
>
> Tel: +43 (0) 664 886 22 883
> Mail: i.galic@brainsware.org
> URL: http://brainsware.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] proxy:ajp 'client denied by server configuration' when too many simultaneous requests happen
Posted by Igor Galić <i....@brainsware.org>.
----- Original Message -----
> httpd error log:
> client denied by server configuration:
> proxy:ajp://localhost:8009/geoserver/gwc/service/wms
>
> This happens under 'high' load only (pages usually display
> fine...there's no specific bad URL here).
>
> httpd snippet:
> ProxyPreserveHost on
> RewriteRule ^/geoserver/(.*)$ ajp://localhost:8009/geoserver/$1 [P]
> ProxyPassReverse /geoserver ajp://localhost:8009/geoserver/
>
> <LocationMatch "^(/[\w_]*/geoserver/.*)">
> Order Allow,Deny
> Allow from all
> </LocationMatch>
>
> I have tried this without any apparent difference:
> <Proxy ajp://localhost:8009>
> ProxySet keepalive=On timeout=15 ttl=60
> </Proxy>
>
> Happens even with 'Allow from all' in proxy.conf (in fact nothing in
> that file makes any difference, presumably as it only affects Forward
> proxies.
>
> Back-end is GeoServer in Tomcat 6 (exactly same thing happened with
> 5.5) on Debian Squeeze 64-bit & current Sun JVM.
> Nothing in the logs at the back-end, though, seems to be a problem
> with the Connector.
> Same thing whether or not using the 'APR based Apache Tomcat Native
> library 1.1.20' or not.
Not much gain there:
http://tomcat.apache.org/tomcat-6.0-doc/apr.html#AJP
> I tried putting in a connectionTimeout into server.xml, but it makes
> no difference:
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
> connectionTimeout="60000" />
>
> Only web posts I've seen are the on/off conditions rather than
> erratic ones.
If all else fails, try using the HTTP connector.
> Many thanks, for any suggestions :)
>
> Fran.
i
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] proxy:ajp 'client denied by server configuration' when too many simultaneous requests happen
Posted by Igor Galić <i....@brainsware.org>.
----- Original Message -----
> httpd error log:
> client denied by server configuration:
> proxy:ajp://localhost:8009/geoserver/gwc/service/wms
>
> This happens under 'high' load only (pages usually display
How high? Are we talking high demand, or high CPU?
> fine...there's no specific bad URL here).
Interesting.. usually this is caused by configuration mistakes:
http://wiki.apache.org/httpd/ClientDeniedByServerConfiguration
>
> httpd snippet:
> ProxyPreserveHost on
> RewriteRule ^/geoserver/(.*)$ ajp://localhost:8009/geoserver/$1 [P]
> ProxyPassReverse /geoserver ajp://localhost:8009/geoserver/
Why are you doing that? It doesn't make *any* sense.
Why not use
ProxyPass /geoserver/ ajp://localhost:8009/geoserver/
ProxyPassReverse /geoserver ajp://localhost:8009/geoserver/
See: http://wiki.apache.org/httpd/WhenNotToUseRewrite
And: http://www.apachetutor.org/admin/reverseproxies
Please change it accordingly, and see report back whether
it's still happening or not.
> <LocationMatch "^(/[\w_]*/geoserver/.*)">
> Order Allow,Deny
> Allow from all
> </LocationMatch>
>
> I have tried this without any apparent difference:
> <Proxy ajp://localhost:8009>
> ProxySet keepalive=On timeout=15 ttl=60
> </Proxy>
>
> Happens even with 'Allow from all' in proxy.conf (in fact nothing in
> that file makes any difference, presumably as it only affects Forward
> proxies.
You should probably delete that file.
Or see:
http://wiki.apache.org/httpd/DebianDeb0rkification
> Back-end is GeoServer in Tomcat 6 (exactly same thing happened with
> 5.5) on Debian Squeeze 64-bit & current Sun JVM.
>
> Nothing in the logs at the back-end, though, seems to be a problem
> with the Connector.
> Same thing whether or not using the 'APR based Apache Tomcat Native
> library 1.1.20' or not.
> I tried putting in a connectionTimeout into server.xml, but it makes
> no difference:
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
> connectionTimeout="60000" />
>
> Only web posts I've seen are the on/off conditions rather than
> erratic ones.
>
> Many thanks, for any suggestions :)
>
> Fran.
i
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org