You are viewing a plain text version of this content. The canonical link for it is here.
Posted to docs@httpd.apache.org by bu...@apache.org on 2017/12/04 17:06:48 UTC
[Bug 61855] New: Using mod_rewrite and mod_proxy does not allow for
backend keep-alive
https://bz.apache.org/bugzilla/show_bug.cgi?id=61855
Bug ID: 61855
Summary: Using mod_rewrite and mod_proxy does not allow for
backend keep-alive
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Documentation
Assignee: docs@httpd.apache.org
Reporter: dmulford@redhat.com
Target Milestone: ---
When using mod_rewrite and mod_proxy together to create a reverse proxy based
on the Host http header, connection reuse is disabled.
Here is a sample configuration:
--- SAMPLE CONFIG ---
RewriteEngine On
RewriteRule .* - [E=TARGET:%{HTTP_HOST}]
SSLProxyEngine on
SSLProxyCheckPeerName off
SSLProxyCheckPeerCN off
SSLProxyCACertificatePath /etc/certs/
SSLProxyVerify none
ProxyPass / https://${TARGET}/ retry=0 ttl=5 keepalive=on interpolate
ProxyPassReverse / https://${RARGET}/ interpolate
ProxyPassInterpolateEnv on
ProxyPreserveHost On
--- END SAMPLE CONFIG ---
It was thought that this would allow connection reuse and lower the CPU usage
due to SSL negotiation not being repeated. However, this doesn't work, and a
new backend connection is created for every request.
I'd like to suggest a documentation update that explicitly calls this out so
future users will learn this information sooner. This update could go in the
following places:
https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html
https://httpd.apache.org/docs/2.4/mod/mod_proxy.html
Note the following:
- The mod_rewrite proxy flag [P] is not being used here
- The security implication of using the Host header to determine backend
server is known, and is something that is worked around through other means.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
[Bug 61855] Using mod_rewrite and mod_proxy does not allow for
backend keep-alive
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61855
--- Comment #1 from Luca Toscano <to...@gmail.com> ---
Hi Dave,
did you try the mod_proxy options disablereuse/enablereuse?
https://httpd.apache.org/docs/current/mod/mod_proxy.html
Luca
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
[Bug 61855] Using mod_rewrite and mod_proxy does not allow for
backend keep-alive
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=61855
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--- Comment #2 from Eric Covener <co...@gmail.com> ---
(In reply to Dave Mulford from comment #0)
> When using mod_rewrite and mod_proxy together to create a reverse proxy
> based on the Host http header, connection reuse is disabled.
>
> Here is a sample configuration:
>
> --- SAMPLE CONFIG ---
> RewriteEngine On
> RewriteRule .* - [E=TARGET:%{HTTP_HOST}]
>
> SSLProxyEngine on
> SSLProxyCheckPeerName off
> SSLProxyCheckPeerCN off
> SSLProxyCACertificatePath /etc/certs/
> SSLProxyVerify none
>
> ProxyPass / https://${TARGET}/ retry=0 ttl=5 keepalive=on interpolate
> ProxyPassReverse / https://${RARGET}/ interpolate
> ProxyPassInterpolateEnv on
> ProxyPreserveHost On
> --- END SAMPLE CONFIG ---
For reuse, the server needs to know the backend workers in advance. TARGET is
not known until request processing. You need to list out the backends you want
a dedicated worker for.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org