You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2008/09/02 15:07:51 UTC
svn commit: r691230 - in /httpd/httpd/branches/2.2.x: CHANGES docs/
docs/manual/env.xml docs/manual/mod/mod_proxy_http.xml
modules/proxy/mod_proxy_http.c modules/proxy/proxy_util.c
Author: covener
Date: Tue Sep 2 06:07:50 2008
New Revision: 691230
URL: http://svn.apache.org/viewvc?rev=691230&view=rev
Log:
Merge r684351, r686549 from trunk:
* Introduce environment variable proxy-initial-not-pooled to avoid reusing
pooled connections if the client connection is an initial connection.
This avoids the "proxy: error reading status line from remote server"
error caused by the race condition that the backend server closed the
connection after the connection check on our side and before our data
reached the backend. Yes, this downgrades performance, especially with
HTTP/1.0 clients. Hence it is configurable and off by default.
PR: 37770
* Add missing documentation for proxy-initial-not-pooled (r684351).
Modified:
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/docs/ (props changed)
httpd/httpd/branches/2.2.x/docs/manual/env.xml
httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy_http.xml
httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c
httpd/httpd/branches/2.2.x/modules/proxy/proxy_util.c
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=691230&r1=691229&r2=691230&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Tue Sep 2 06:07:50 2008
@@ -5,6 +5,10 @@
mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
+ *) mod_proxy_http: Introduce environment variable proxy-initial-not-pooled to
+ avoid reusing pooled connections if the client connection is an initial
+ connection. PR 37770. [Ruediger Pluem]
+
*) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
PR 44799 [Christian Wenz <christian wenz.org>]
Propchange: httpd/httpd/branches/2.2.x/docs/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Sep 2 06:07:50 2008
@@ -1 +1 @@
-/httpd/httpd/trunk/docs:647395,660461,660566,664330,675610,678761,682369,683626,685112,686805,686809,687099,687754
+/httpd/httpd/trunk/docs:647395,660461,660566,664330,675610,678761,682369,683626,684351,685112,686549,686805,686809,687099,687754
Modified: httpd/httpd/branches/2.2.x/docs/manual/env.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/env.xml?rev=691230&r1=691229&r2=691230&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/env.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/env.xml Tue Sep 2 06:07:50 2008
@@ -390,7 +390,7 @@
</section>
<section id="proxy"><title>force-proxy-request-1.0, proxy-nokeepalive, proxy-sendchunked,
- proxy-sendcl, proxy-chain-auth, proxy-interim-response</title>
+ proxy-sendcl, proxy-chain-auth, proxy-interim-response, proxy-initial-not-pooled</title>
<p>These directives alter the protocol behavior of
<module>mod_proxy</module>. See the <module>mod_proxy</module> and <module>mod_proxy_http</module>
Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy_http.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy_http.xml?rev=691230&r1=691229&r2=691230&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy_http.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy_http.xml Tue Sep 2 06:07:50 2008
@@ -101,6 +101,16 @@
<code>proxy-interim-response RFC</code> to be fully protocol
compliant, or <code>proxy-interim-response Suppress</code>
to suppress interim responses.</dd>
+ <dt>proxy-initial-not-pooled</dt>
+ <dd>If this variable is set no pooled connection will be reused
+ if the client connection is an initial connection. This avoids
+ the "proxy: error reading status line from remote server" error message
+ caused by the race condition that the backend server closed the
+ pooled connection after the connection check by the proxy and
+ before data send by the proxy reached the backend. It has to be
+ kept in mind that setting this variable downgrades performance,
+ especially with HTTP/1.0 clients.
+ </dd>
</dl>
</section>
Modified: httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c?rev=691230&r1=691229&r2=691230&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c (original)
+++ httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c Tue Sep 2 06:07:50 2008
@@ -1929,6 +1929,19 @@
ap_proxy_ssl_connection_cleanup(backend, r);
}
+ /*
+ * In the case that we are handling a reverse proxy connection and this
+ * is not a request that is coming over an already kept alive connection
+ * with the client, do NOT reuse the connection to the backend, because
+ * we cannot forward a failure to the client in this case as the client
+ * does NOT expects this in this situation.
+ * Yes, this creates a performance penalty.
+ */
+ if ((r->proxyreq == PROXYREQ_REVERSE) && (!c->keepalives)
+ && (apr_table_get(r->subprocess_env, "proxy-initial-not-pooled"))) {
+ backend->close = 1;
+ }
+
/* Step One: Determine Who To Connect To */
if ((status = ap_proxy_determine_connection(p, r, conf, worker, backend,
uri, &url, proxyname,
Modified: httpd/httpd/branches/2.2.x/modules/proxy/proxy_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/proxy_util.c?rev=691230&r1=691229&r2=691230&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/proxy/proxy_util.c (original)
+++ httpd/httpd/branches/2.2.x/modules/proxy/proxy_util.c Tue Sep 2 06:07:50 2008
@@ -2168,6 +2168,11 @@
else {
conn->addr = worker->cp->addr;
}
+ /* Close a possible existing socket if we are told to do so */
+ if (conn->close) {
+ socket_cleanup(conn);
+ conn->close = 0;
+ }
if (err != APR_SUCCESS) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY,