You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by co...@apache.org on 2008/09/02 15:07:51 UTC

svn commit: r691230 - in /httpd/httpd/branches/2.2.x: CHANGES docs/ docs/manual/env.xml docs/manual/mod/mod_proxy_http.xml modules/proxy/mod_proxy_http.c modules/proxy/proxy_util.c

Author: covener
Date: Tue Sep  2 06:07:50 2008
New Revision: 691230

URL: http://svn.apache.org/viewvc?rev=691230&view=rev
Log:
Merge r684351, r686549 from trunk:

* Introduce environment variable proxy-initial-not-pooled to avoid reusing
  pooled connections if the client connection is an initial connection.
  This avoids the "proxy: error reading status line from remote server"
  error caused by the race condition that the backend server closed the
  connection after the connection check on our side and before our data
  reached the backend. Yes, this downgrades performance, especially with
  HTTP/1.0 clients. Hence it is configurable and off by default.

PR: 37770


* Add missing documentation for proxy-initial-not-pooled (r684351).


Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/docs/   (props changed)
    httpd/httpd/branches/2.2.x/docs/manual/env.xml
    httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy_http.xml
    httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c
    httpd/httpd/branches/2.2.x/modules/proxy/proxy_util.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=691230&r1=691229&r2=691230&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Tue Sep  2 06:07:50 2008
@@ -5,6 +5,10 @@
      mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
      the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
 
+  *) mod_proxy_http: Introduce environment variable proxy-initial-not-pooled to
+     avoid reusing pooled connections if the client connection is an initial
+     connection. PR 37770. [Ruediger Pluem]
+
   *) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
      PR 44799 [Christian Wenz <christian wenz.org>]
 

Propchange: httpd/httpd/branches/2.2.x/docs/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Sep  2 06:07:50 2008
@@ -1 +1 @@
-/httpd/httpd/trunk/docs:647395,660461,660566,664330,675610,678761,682369,683626,685112,686805,686809,687099,687754
+/httpd/httpd/trunk/docs:647395,660461,660566,664330,675610,678761,682369,683626,684351,685112,686549,686805,686809,687099,687754

Modified: httpd/httpd/branches/2.2.x/docs/manual/env.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/env.xml?rev=691230&r1=691229&r2=691230&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/env.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/env.xml Tue Sep  2 06:07:50 2008
@@ -390,7 +390,7 @@
    </section>
 
    <section id="proxy"><title>force-proxy-request-1.0, proxy-nokeepalive, proxy-sendchunked,
-   proxy-sendcl, proxy-chain-auth, proxy-interim-response</title>
+   proxy-sendcl, proxy-chain-auth, proxy-interim-response, proxy-initial-not-pooled</title>
 
    <p>These directives alter the protocol behavior of
    <module>mod_proxy</module>.  See the <module>mod_proxy</module> and <module>mod_proxy_http</module>

Modified: httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy_http.xml
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy_http.xml?rev=691230&r1=691229&r2=691230&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy_http.xml (original)
+++ httpd/httpd/branches/2.2.x/docs/manual/mod/mod_proxy_http.xml Tue Sep  2 06:07:50 2008
@@ -101,6 +101,16 @@
         <code>proxy-interim-response RFC</code> to be fully protocol
         compliant, or <code>proxy-interim-response Suppress</code>
         to suppress interim responses.</dd>
+        <dt>proxy-initial-not-pooled</dt>
+        <dd>If this variable is set no pooled connection will be reused
+        if the client connection is an initial connection. This avoids
+        the "proxy: error reading status line from remote server" error message
+        caused by the race condition that the backend server closed the
+        pooled connection after the connection check by the proxy and
+        before data send by the proxy reached the backend. It has to be
+        kept in mind that setting this variable downgrades performance,
+        especially with HTTP/1.0 clients.
+        </dd>
     </dl>
 </section>
 

Modified: httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c?rev=691230&r1=691229&r2=691230&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c (original)
+++ httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_http.c Tue Sep  2 06:07:50 2008
@@ -1929,6 +1929,19 @@
         ap_proxy_ssl_connection_cleanup(backend, r);
     }
 
+    /*
+     * In the case that we are handling a reverse proxy connection and this
+     * is not a request that is coming over an already kept alive connection
+     * with the client, do NOT reuse the connection to the backend, because
+     * we cannot forward a failure to the client in this case as the client
+     * does NOT expects this in this situation.
+     * Yes, this creates a performance penalty.
+     */
+    if ((r->proxyreq == PROXYREQ_REVERSE) && (!c->keepalives)
+        && (apr_table_get(r->subprocess_env, "proxy-initial-not-pooled"))) {
+        backend->close = 1;
+    }
+
     /* Step One: Determine Who To Connect To */
     if ((status = ap_proxy_determine_connection(p, r, conf, worker, backend,
                                                 uri, &url, proxyname,

Modified: httpd/httpd/branches/2.2.x/modules/proxy/proxy_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/proxy_util.c?rev=691230&r1=691229&r2=691230&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/proxy/proxy_util.c (original)
+++ httpd/httpd/branches/2.2.x/modules/proxy/proxy_util.c Tue Sep  2 06:07:50 2008
@@ -2168,6 +2168,11 @@
     else {
         conn->addr = worker->cp->addr;
     }
+    /* Close a possible existing socket if we are told to do so */
+    if (conn->close) {
+        socket_cleanup(conn);
+        conn->close = 0;
+    }
 
     if (err != APR_SUCCESS) {
         return ap_proxyerror(r, HTTP_BAD_GATEWAY,