Apache reverse proxy does not communicate with web apps using HTTP 1.1 keepalive

Apache reverse proxy does not communicate with web apps using HTTP 1.1 keepalive

Post by trimi » Wed, 23 Oct 2002 22:58:49



Hi all,

Problem: Apache reverse proxy does not communicate with web apps using
HTTP 1.1 keepalive

Situation:

The main goal of my reverse proxy is:
- encryption / decryption SSL (HTTPS)
- forward to appA and appB within HTTP

I am using Apache 1.3.23 compiled with mod_proxy et mod_ssl as a
reverse proxy.
As far as i know, apache 1.3.23 version accepts HTTP 1.1 requests

According to the logs, it seems that exchanges between a client and
the reverse proxy is based on HTTP 1.1.
But, when i log exchanges between reverse proxy and app servers
(apache or IIS), i see HTTP 1.0 with connection Closed (non Keepalive)
even if the client is not Internet Explorer (because it is stricky
using SSL with IE so i force downgrade to HTTP 1.0 non keepalive)

What i want is that the reverse proxy communicates with apps servers
with Keepalive connection

Any ideas will be greately appreciated.
Thank you in advance.

triminh

Below an illustration of the usage of my reverse proxy

               Client Navigator (https://mysite.com/appA/)
                     |
                     | SSL - HTTPS
                     v
             /---------------------\
             |  ReverseProxy       |
             |       |             |
             |       | SSL - HTTPS |
             |       v             |
             |    Mod_SSL/Rewrite  |
             |       |             |
             |       |  HTTP       |
             |       v             |
             |     Proxy           |
             \---------------------/
                     |
                     | HTTP
                     v
                http://www.veryComputer.com/

Here my httpd.conf file:

###################################################
#               REVERSE PROXY HTTPS               #
###################################################

ServerType standalone
ServerRoot "/appl/Apache"
PidFile /appl/Apache/logs/httpd.pid
ScoreBoardFile /appl/Apache/logs/httpd.scoreboard
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 5
MaxSpareServers 10
StartServers 5
MaxClients 150
MaxRequestsPerChild 0

Listen 28.1.2.3:80
Listen 28.1.2.3:443

ServerName mysite.com

User user1
Group group1

HostnameLookups Off
ErrorLog /appl/Apache/logs/error.log

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%h %t \"%r\" %>s " perso
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
CustomLog "|/appl/Apache/bin/rotatelogs /appl/Apache/logs/access.log
86400" perso
ServerSignature Off

######################
# SSL Global Context #
######################
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

<IfModule mod_ssl.c>
SSLPassPhraseDialog exec:/appl/Apache/conf/ssl.key/PassPhrase
SSLSessionCache         dbm:/appl/Apache/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/appl/Apache/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLProtocol all
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
</IfModule>

Rewri*gine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]

NameVirtualHost 28.1.2.3:80
NameVirtualHost 28.1.2.3:443

<VirtualHost 28.1.2.3:80>
ServerName mysite.com
Rewri*gine on
RewriteOptions inherit
</VirtualHost>

<VirtualHost 28.1.2.3:443>
ServerName mysite.com
SSLEngine on
SSLCertificateFile /appl/Apache/conf/ssl.crt/mysite.com.crt
SSLCertificateKeyFile /appl/Apache/conf/ssl.key/mysite.com.key
SSLCertificateChainFile /appl/Apache/conf/ssl.crt/verisign.crt
# App A
ProxyPass /appA/ http://www.veryComputer.com/
ProxyPassReverse /appA/ http://www.veryComputer.com/
# App B
ProxyPass /appB/ http://www.veryComputer.com/
ProxyPassReverse /appB/ http://www.veryComputer.com/
</VirtualHost>

 
 
 

Apache reverse proxy does not communicate with web apps using HTTP 1.1 keepalive

Post by Volker Borcher » Wed, 23 Oct 2002 23:47:31



Quote:> According to the logs, it seems that exchanges between a client and
> the reverse proxy is based on HTTP 1.1.
> But, when i log exchanges between reverse proxy and app servers
> (apache or IIS), i see HTTP 1.0 with connection Closed (non Keepalive)
> even if the client is not Internet Explorer (because it is stricky
> using SSL with IE so i force downgrade to HTTP 1.0 non keepalive)

AFAIK mod_proxy for Apache 1.3.x can only do HTTP/1.0

--




 
 
 

Apache reverse proxy does not communicate with web apps using HTTP 1.1 keepalive

Post by Joshua Sliv » Thu, 24 Oct 2002 00:45:33



Quote:> Hi all,
> Problem: Apache reverse proxy does not communicate with web apps using
> HTTP 1.1 keepalive
> I am using Apache 1.3.23 compiled with mod_proxy et mod_ssl as a
> reverse proxy.
> As far as i know, apache 1.3.23 version accepts HTTP 1.1 requests

Until very recently, the Apache mod_proxy was HTTP1.0 only.
In recent versions, it has been upgraded to 1.1, but I think
1.3.23 is too old.

--
Joshua Slive

Apache HTTP Server Users Mailing List: http://httpd.apache.org/userslist.html

 
 
 

Apache reverse proxy does not communicate with web apps using HTTP 1.1 keepalive

Post by trimi » Thu, 24 Oct 2002 18:16:40


Joshua, Volker,

Thanx for your answers.

In fact, the question is : is it possible that my reverse proxy box
can proxy for backend servers with a **KEEPALIVE**  connection, even
if you say that Apache mod_proxy was HTTP1.0 only ?

I saw in the Announcement file included in apache 1.3.23 distribution
that mod_proxy 1.3.23 supports HTTP 1.1 but not thing about keepalive
connection.

Below a short extract of that file:

                     Apache 1.3.23 Major changes
  (skip ....)
  Security vulnerabilities
     * None addressed.

  New features
   The main new features in 1.3.23 (compared to 1.3.22) are:
     * HTTP/1.1 support for mod_proxy.
     * Other mod_proxy improvements.
     * The new 'FileETag' directive to allow one to build the
       format of the ETag via runtime directives.
     * Addition of a 'filter callback' function to enable modules to
       intercept the output byte stream for dynamic page caching.
  (skip ....)

According to you, from which version of apache you think that i can
use mod_proxy supporting HTTP 1.1 with keepalive connection.

triminh

 
 
 

1. Does apache 1.3.19 support HTTP/1.1 if configured as reverse proxy

Hello,

From all I read, apache should support HTTP/1.1. But I config it as a
reverse proxy and I send HTTP/1.1 requests. It gives me errors. I
trace the source codes and notice the it does  not support persistent
connection at all. It really confused me. Can anybody gives me a help
on it? Thanks.

Jenny

2. environ var in gcc @ solaris 8++ @ intel && sparc

3. apache http proxy - http/1.0 vs http/1.1

4. Help!!!! Error using DIP

5. Apache Proxy question: HTTP/1.1 -> HTTP/1.0

6. RPM guru's - what does netscape need?

7. apache proxy module support HTTP 1.1??

8. Ftape and Trakker 250MB?

9. apache proxy server and http/1.1

10. apache proxy and http/1.1

11. Proxy module with HTTP/1.1 for Apache?

12. Schedule for HTTP/1.1 support in Apache Proxy module?

13. WWW and PROXY auth when using Apache as authetifying reverse-proxy