From ec2cc701f9aed87b3eb00f9f53e47cc074a491ea Mon Sep 17 00:00:00 2001 From: Eric Covener Date: Tue, 2 Sep 2008 13:07:50 +0000 Subject: [PATCH] Merge r684351, r686549 from trunk: * Introduce environment variable proxy-initial-not-pooled to avoid reusing pooled connections if the client connection is an initial connection. This avoids the "proxy: error reading status line from remote server" error caused by the race condition that the backend server closed the connection after the connection check on our side and before our data reached the backend. Yes, this downgrades performance, especially with HTTP/1.0 clients. Hence it is configurable and off by default. PR: 37770 * Add missing documentation for proxy-initial-not-pooled (r684351). git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@691230 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 4 ++++ docs/manual/env.xml | 2 +- docs/manual/mod/mod_proxy_http.xml | 10 ++++++++++ modules/proxy/mod_proxy_http.c | 13 +++++++++++++ modules/proxy/proxy_util.c | 5 +++++ 5 files changed, 33 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index b501405b352..2bcc04279d8 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,10 @@ Changes with Apache 2.2.10 mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem] + *) mod_proxy_http: Introduce environment variable proxy-initial-not-pooled to + avoid reusing pooled connections if the client connection is an initial + connection. PR 37770. [Ruediger Pluem] + *) mod_rewrite: Allow Cookie option to set secure and HttpOnly flags. PR 44799 [Christian Wenz ] diff --git a/docs/manual/env.xml b/docs/manual/env.xml index 125dd753bfd..0e3acf3271b 100644 --- a/docs/manual/env.xml +++ b/docs/manual/env.xml @@ -390,7 +390,7 @@
force-proxy-request-1.0, proxy-nokeepalive, proxy-sendchunked, - proxy-sendcl, proxy-chain-auth, proxy-interim-response + proxy-sendcl, proxy-chain-auth, proxy-interim-response, proxy-initial-not-pooled

These directives alter the protocol behavior of mod_proxy. See the mod_proxy and mod_proxy_http diff --git a/docs/manual/mod/mod_proxy_http.xml b/docs/manual/mod/mod_proxy_http.xml index f92a86facc2..1d7ae94191d 100644 --- a/docs/manual/mod/mod_proxy_http.xml +++ b/docs/manual/mod/mod_proxy_http.xml @@ -101,6 +101,16 @@ proxy-interim-response RFC to be fully protocol compliant, or proxy-interim-response Suppress to suppress interim responses. +

proxy-initial-not-pooled
+
If this variable is set no pooled connection will be reused + if the client connection is an initial connection. This avoids + the "proxy: error reading status line from remote server" error message + caused by the race condition that the backend server closed the + pooled connection after the connection check by the proxy and + before data send by the proxy reached the backend. It has to be + kept in mind that setting this variable downgrades performance, + especially with HTTP/1.0 clients. +
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c index b8dcbbaa084..791c1dba499 100644 --- a/modules/proxy/mod_proxy_http.c +++ b/modules/proxy/mod_proxy_http.c @@ -1929,6 +1929,19 @@ static int proxy_http_handler(request_rec *r, proxy_worker *worker, ap_proxy_ssl_connection_cleanup(backend, r); } + /* + * In the case that we are handling a reverse proxy connection and this + * is not a request that is coming over an already kept alive connection + * with the client, do NOT reuse the connection to the backend, because + * we cannot forward a failure to the client in this case as the client + * does NOT expects this in this situation. + * Yes, this creates a performance penalty. + */ + if ((r->proxyreq == PROXYREQ_REVERSE) && (!c->keepalives) + && (apr_table_get(r->subprocess_env, "proxy-initial-not-pooled"))) { + backend->close = 1; + } + /* Step One: Determine Who To Connect To */ if ((status = ap_proxy_determine_connection(p, r, conf, worker, backend, uri, &url, proxyname, diff --git a/modules/proxy/proxy_util.c b/modules/proxy/proxy_util.c index 6b3b13a3387..abc056cd535 100644 --- a/modules/proxy/proxy_util.c +++ b/modules/proxy/proxy_util.c @@ -2168,6 +2168,11 @@ ap_proxy_determine_connection(apr_pool_t *p, request_rec *r, else { conn->addr = worker->cp->addr; } + /* Close a possible existing socket if we are told to do so */ + if (conn->close) { + socket_cleanup(conn); + conn->close = 0; + } if (err != APR_SUCCESS) { return ap_proxyerror(r, HTTP_BAD_GATEWAY, -- 2.47.2
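Review bot: The added comment in proxy_http_handler does not say that `backend->close = 1` here means "discard the pooled socket before connecting". That meaning holds only because ap_proxy_determine_connection (the proxy_util.c hunk of this commit) consumes the flag and clears it, so a reader of this file alone would likely take it as "close after this request". I would add one line to the comment, `* The flag is consumed by ap_proxy_determine_connection(), which closes the pooled socket and resets it.`, and correct "does NOT expects" to "does NOT expect". The condition is also limited to `r->proxyreq == PROXYREQ_REVERSE` and tests the variable for presence only, so its value is ignored; the new mod_proxy_http.xml text mentions neither point. The handler's body starts and ends outside the hunk, and `c` is defined there.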
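Review bot: The new `if (conn->close)` block in ap_proxy_determine_connection acts on every caller that arrives with the flag set, not only the proxy-initial-not-pooled path, and then clears the flag. A caller that set `close` earlier to mean "do not pool this connection after the request" would silently lose that setting. Whether such a caller exists cannot be seen from this hunk, so the comment should state the contract, for example `/* close set on entry means: discard the pooled socket and connect afresh; the flag is cleared so the new connection may be pooled */`. The block also runs before the `err != APR_SUCCESS` check, so the socket is discarded even when address resolution failed, which looks harmless but deserves a word in the comment. The function starts and ends outside the hunk.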