You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Joe Orton <jo...@redhat.com> on 2006/02/27 11:18:15 UTC

proxy keepalive handling

(somewhat more appropriate $SUBJECT now ;)

On Thu, Feb 23, 2006 at 10:20:08PM +0100, Ruediger Pluem wrote:
> There is an interesting bug regarding this topic:
> 
> http://issues.apache.org/bugzilla/show_bug.cgi?id=38763
> 
> It seems that we do not have to worry about resending POSTs at all because of
> 
> 8.1.4 of RFC2616 (http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html)
...
> POST does not seem to be an idempotent method to me.

Excellent point, yes. This could imply that case (a) in my proposal 
should be modified such that it is only used for methods known to be 
idempotent.  This would however require the proxy to have knowledge of 
whether any arbitrary HTTP method is idempotent or not!

But - if the downstream client sent a request with a non-idempotent 
method on a keptalive connection, then it is already risking having to 
resend said request after a connection timeout.  So it would not seem 
unreasonable to ignore this case, and leave it to the discretion of the 
client.  (if clients will only send non-idempotent requests as the first 
request on the connection, then my case (b) will always apply to them)

w.r.t. your other questions (sorry for the slow reponses):

- I haven't tested how The Browsers behave:, but I'd bet that they will 
both send POST requests on keptalive connections, and will automatically 
retry them if the connection is closed.

- I think the "A client, server, or proxy MAY close the transport 
connection at any time." statement in 8.1.4 means it is RFC-compliant to 
have the proxy just drop the connection without sending a response like 
this.

- I don't think that allowing a client to force the proxy to close a 
backend connection is in any way a security issue; it doesn't cause a 
denial of service or anything.  There are various cases in 2616, such as 
an unrecognized content-coding in the request, which require the 
*server* to close the connection anyway.

> Even retransmitting GETs with parameters in the URL seems dangerous to 
> me.

The opposing view is that 2616 says that GET is idempotent, and 2616 is 
The Law.  Pick one ;)

Regards,

joe