BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Apache reverse-proxy closing my connection?

Subject: Apache reverse-proxy closing my connection?
From: gboyce-qL0WqcyiFk9Wk0Htik3J/w at public.gmane.org (Gregory Boyce)
Date: Mon, 16 May 2011 12:58:45 -0400
In-reply-to: <sjm62pdnd2f.fsf-rCjn+dgJx7nFHB7ageuUnw@public.gmane.org>
References: <sjm62pdnd2f.fsf@pgpdev.ihtfp.org>

Two things I noticed:

1) NTLM auth may not work properly via  proxy.

http://www.gossamer-threads.com/lists/apache/dev/312633

2) disablereuse=on and keepalive=on are contractory.  Both are
referring to the persistence of the backend connection rather than the
frontend.  keepalive=on turns it on while disablereuse turns it off.

> ProxyRequests off
> ProxyPass / http://172.16.64.10/ timeout=300 disablereuse=on nocanon keepalive=on
> ProxyPassReverse http://172.16.64.10/ /
> ProxyPassReverseCookieDomain 172.16.64.10 127.0.0.1
> ProxyVia off

Is frontend persistence enabled somewhere else in the configuration?

On Sat, May 14, 2011 at 6:15 PM, Derek Atkins <warlord-3s7WtUTddSA at public.gmane.org> wrote:
> Hey,
>
> I'm trying to setup Apache as a reverse proxy but it looks like Apache
> is improperly closing my connection. ?From the wireshark output I see
> the following transactions which clearly show that the connection
> *should* be kept alive, but the proxy is adding a "Connection: close" to
> the final response:
>
> CLIENT -> PROXY:
>
> GET /Pages/Default.aspx HTTP/1.1
> Host: 127.0.0.1
> User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.12) Gecko/20100907 Fedora/3.5.12-1.fc12 Firefox/3.5.12
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Cookie: WSS_KeepSessionAuthenticated=80
> Pragma: no-cache, no-cache
> Cache-Control: no-cache, no-cache
> Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
>
> PROXY -> BACKEND SERVER:
>
> GET /Pages/Default.aspx HTTP/1.1
> Host: 172.16.64.10
> User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.12) Gecko/20100907 Fedora/3.5.12-1.fc12 Firefox/3.5.12
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: en-us,en;q=0.5
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Cookie: WSS_KeepSessionAuthenticated=80
> Pragma: no-cache, no-cache
> Cache-Control: no-cache, no-cache
> Authorization: NTLM <auth data here>
> X-Forwarded-For: 127.0.0.1
> X-Forwarded-Host: 127.0.0.1
> X-Forwarded-Server: pgpdev.ihtfp.org
> Connection: Keep-Alive
>
> BACKEND SERVER -> PROXY:
>
>
> HTTP/1.1 401 Unauthorized
> Content-Length: 1539
> Content-Type: text/html
> Server: Microsoft-IIS/6.0
> WWW-Authenticate: NTLM <challenge data here>
> X-Powered-By: ASP.NET
> MicrosoftSharePointTeamServices: 12.0.0.6421
> Date: Fri, 13 May 2011 20:14:24 GMT
>
> <data>
>
> But finally the PROXY -> CLIENT:
>
> HTTP/1.1 401 Unauthorized
> Date: Fri, 13 May 2011 20:14:24 GMT
> Server: Microsoft-IIS/6.0
> Content-Length: 1539
> Content-Type: text/html; charset=UTF-8
> WWW-Authenticate: NTLM <challenge data here>
> X-Powered-By: ASP.NET
> MicrosoftSharePointTeamServices: 12.0.0.6421
> Connection: close
>
> <data>
>
>
> Note the "Connection: close" in the Proxy -> client response! ?However
> the response from the backend server to the proxy clearly is a
> keep-alive, as it's an HTTP/1.1 and doesn't have a Connection header.
> Is there something missing from my Apache configuration? ?Is this a bug
> in Apache (I'm using version 2.2.15)? ?Here's the relevant configuration
> (for my testing purposes, I've tried setting many different Proxy
> options to try to get it working):
>
> ProxyRequests off
> ProxyPass / http://172.16.64.10/ timeout=300 disablereuse=on nocanon keepalive=on
> ProxyPassReverse http://172.16.64.10/ /
> ProxyPassReverseCookieDomain 172.16.64.10 127.0.0.1
> ProxyVia off
>
> <Location />
> ProxyPassReverse /
> RequestHeader ? ?unset ?Accept-Encoding
> </Location>
>
> Any suggestions?
>
> Thanks!
>
> -derek
>
> --
> ? ? ? Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> ? ? ? Member, MIT Student Information Processing Board ?(SIPB)
> ? ? ? URL: http://web.mit.edu/warlord/ ? ?PP-ASEL-IA ? ? N1NWH
> ? ? ? warlord-DPNOqEs/LNQ at public.gmane.org ? ? ? ? ? ? ? ? ? ? ? ?PGP key available
> _______________________________________________
> Discuss mailing list
> Discuss-mNDKBlG2WHs at public.gmane.org
> http://lists.blu.org/mailman/listinfo/discuss
>

References:
- Apache reverse-proxy closing my connection?
  - From: warlord-DPNOqEs/LNQ at public.gmane.org (Derek Atkins)

Prev by Date: How to: find high speed data access, non-retail.
Next by Date: Apache reverse-proxy closing my connection?
Previous by thread: Apache reverse-proxy closing my connection?
Next by thread: Apache reverse-proxy closing my connection?
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org