* Introduce environment variable proxy-initial-not-pooled to avoid reusing
pooled connections if the client connection is an initial connection.
This avoids the "proxy: error reading status line from remote server"
error caused by the race condition that the backend server closed the
connection after the connection check on our side and before our data
reached the backend. Yes, this downgrades performance, especially with
HTTP/1.0 clients. Hence it is configurable and off by default.
PR: 37770
* Add missing documentation for proxy-initial-not-pooled (r684351).
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@691230 13f79535-47bb-0310-9956-ffa450edef68
mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
+ *) mod_proxy_http: Introduce environment variable proxy-initial-not-pooled to
+ avoid reusing pooled connections if the client connection is an initial
+ connection. PR 37770. [Ruediger Pluem]
+
*) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags.
PR 44799 [Christian Wenz <christian wenz.org>]
</section>
<section id="proxy"><title>force-proxy-request-1.0, proxy-nokeepalive, proxy-sendchunked,
- proxy-sendcl, proxy-chain-auth, proxy-interim-response</title>
+ proxy-sendcl, proxy-chain-auth, proxy-interim-response, proxy-initial-not-pooled</title>
<p>These directives alter the protocol behavior of
<module>mod_proxy</module>. See the <module>mod_proxy</module> and <module>mod_proxy_http</module>
<code>proxy-interim-response RFC</code> to be fully protocol
compliant, or <code>proxy-interim-response Suppress</code>
to suppress interim responses.</dd>
+ <dt>proxy-initial-not-pooled</dt>
+ <dd>If this variable is set no pooled connection will be reused
+ if the client connection is an initial connection. This avoids
+ the "proxy: error reading status line from remote server" error message
+ caused by the race condition that the backend server closed the
+ pooled connection after the connection check by the proxy and
+ before data send by the proxy reached the backend. It has to be
+ kept in mind that setting this variable downgrades performance,
+ especially with HTTP/1.0 clients.
+ </dd>
</dl>
</section>
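Review bot: The new <dd> text for proxy-initial-not-pooled does not mention that the variable only takes effect for reverse proxy requests, although the code in this same commit tests r->proxyreq == PROXYREQ_REVERSE. Add that restriction so that forward proxy administrators do not expect a behaviour change. "data send by the proxy" should read "data sent by the proxy", and it would help to say here that the behaviour is off unless the variable is set, as the commit message does.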
ap_proxy_ssl_connection_cleanup(backend, r);
}
+ /*
+ * In the case that we are handling a reverse proxy connection and this
+ * is not a request that is coming over an already kept alive connection
+ * with the client, do NOT reuse the connection to the backend, because
+ * we cannot forward a failure to the client in this case as the client
+ * does NOT expects this in this situation.
+ * Yes, this creates a performance penalty.
+ */
+ if ((r->proxyreq == PROXYREQ_REVERSE) && (!c->keepalives)
+ && (apr_table_get(r->subprocess_env, "proxy-initial-not-pooled"))) {
+ backend->close = 1;
+ }
+
/* Step One: Determine Who To Connect To */
if ((status = ap_proxy_determine_connection(p, r, conf, worker, backend,
uri, &url, proxyname,
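Review bot: The new block sets backend->close = 1 before ap_proxy_determine_connection() is called, so at this point the flag acts as a request to discard the pooled socket before connecting, and the comment should say so and point to where the flag is consumed. The comment has a grammar slip ("does NOT expects"), and "a failure" is vague: naming the race (the backend closing the pooled connection between the proxy's check and the send) would explain why only requests with !c->keepalives are covered.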
else {
conn->addr = worker->cp->addr;
}
+ /* Close a possible existing socket if we are told to do so */
+ if (conn->close) {
+ socket_cleanup(conn);
+ conn->close = 0;
+ }
if (err != APR_SUCCESS) {
return ap_proxyerror(r, HTTP_BAD_GATEWAY,
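Review bot: The added conn->close = 0 after socket_cleanup(conn) clears the flag unconditionally, so if any other caller set close to keep the connection out of the pool after the request, that intent is lost here. Either confirm no such caller reaches this path or state in the comment that close is only expected at this point as a pre-connect discard request. The cleanup also runs before the if (err != APR_SUCCESS) check, so the existing socket is torn down even when the function is about to return HTTP_BAD_GATEWAY; moving it after the error check would make the ordering easier to follow.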