Apache reverse-proxy closing my connection?

Gregory Boyce gboyce-qL0WqcyiFk9Wk0Htik3J/w at public.gmane.org
Mon May 16 12:58:45 EDT 2011


Two things I noticed:

1) NTLM auth may not work properly via proxy.

http://www.gossamer-threads.com/lists/apache/dev/312633

2) disablereuse=on and keepalive=on are contradictory.  Both are
referring to the persistence of the backend connection rather than the
frontend.  keepalive=on turns it on while disablereuse turns it off.

> ProxyRequests off
> ProxyPass / http://172.16.64.10/ timeout=300 disablereuse=on nocanon keepalive=on
> ProxyPassReverse http://172.16.64.10/ /
> ProxyPassReverseCookieDomain 172.16.64.10 127.0.0.1
> ProxyVia off

Is frontend persistence enabled somewhere else in the configuration?

On Sat, May 14, 2011 at 6:15 PM, Derek Atkins <warlord-3s7WtUTddSA at public.gmane.org> wrote:
> Hey,
>
> I'm trying to set up Apache as a reverse proxy but it looks like Apache
> is improperly closing my connection.  From the wireshark output I see
> the following transactions which clearly show that the connection
> *should* be kept alive, but the proxy is adding a "Connection: close" to
> the final response:
>
> CLIENT -> PROXY:
>
> GET /Pages/Default.aspx HTTP/1.1
> Host: 127.0.0.1
> User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.12) Gecko/20100907 Fedora/3.5.12-1.fc12 Firefox/3.5.12
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: en-us,en;q=0.5
> Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Keep-Alive: 300
> Connection: keep-alive
> Cookie: WSS_KeepSessionAuthenticated=80
> Pragma: no-cache, no-cache
> Cache-Control: no-cache, no-cache
> Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA=
>
> PROXY -> BACKEND SERVER:
>
> GET /Pages/Default.aspx HTTP/1.1
> Host: 172.16.64.10
> User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.12) Gecko/20100907 Fedora/3.5.12-1.fc12 Firefox/3.5.12
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: en-us,en;q=0.5
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
> Cookie: WSS_KeepSessionAuthenticated=80
> Pragma: no-cache, no-cache
> Cache-Control: no-cache, no-cache
> Authorization: NTLM <auth data here>
> X-Forwarded-For: 127.0.0.1
> X-Forwarded-Host: 127.0.0.1
> X-Forwarded-Server: pgpdev.ihtfp.org
> Connection: Keep-Alive
>
> BACKEND SERVER -> PROXY:
>
>
> HTTP/1.1 401 Unauthorized
> Content-Length: 1539
> Content-Type: text/html
> Server: Microsoft-IIS/6.0
> WWW-Authenticate: NTLM <challenge data here>
> X-Powered-By: ASP.NET
> MicrosoftSharePointTeamServices: 12.0.0.6421
> Date: Fri, 13 May 2011 20:14:24 GMT
>
> <data>
>
> But finally the PROXY -> CLIENT:
>
> HTTP/1.1 401 Unauthorized
> Date: Fri, 13 May 2011 20:14:24 GMT
> Server: Microsoft-IIS/6.0
> Content-Length: 1539
> Content-Type: text/html; charset=UTF-8
> WWW-Authenticate: NTLM <challenge data here>
> X-Powered-By: ASP.NET
> MicrosoftSharePointTeamServices: 12.0.0.6421
> Connection: close
>
> <data>
>
>
> Note the "Connection: close" in the Proxy -> client response!  However
> the response from the backend server to the proxy clearly is a
> keep-alive, as it's an HTTP/1.1 and doesn't have a Connection header.
> Is there something missing from my Apache configuration?  Is this a bug
> in Apache (I'm using version 2.2.15)?  Here's the relevant configuration
> (for my testing purposes, I've tried setting many different Proxy
> options to try to get it working):
>
> ProxyRequests off
> ProxyPass / http://172.16.64.10/ timeout=300 disablereuse=on nocanon keepalive=on
> ProxyPassReverse http://172.16.64.10/ /
> ProxyPassReverseCookieDomain 172.16.64.10 127.0.0.1
> ProxyVia off
>
> <Location />
> ProxyPassReverse /
> RequestHeader    unset  Accept-Encoding
> </Location>
>
> Any suggestions?
>
> Thanks!
>
> -derek
>
> --
>       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>       Member, MIT Student Information Processing Board  (SIPB)
>       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>       warlord-DPNOqEs/LNQ at public.gmane.org                        PGP key available
>
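
Added example, not part of either message in this thread: a Python check that applies the HTTP persistence rules to the two response heads quoted above and flags an NTLM challenge delivered on a connection the proxy is about to close. NTLM authenticates the connection itself, so the client's reply to the challenge has to travel on the same connection. The function names are hypothetical, and the sample heads are trimmed copies of the quoted ones with the placeholders kept.

```python
# Sample inputs: trimmed copies of the response heads quoted in the thread.
BACKEND_TO_PROXY = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Content-Length: 1539\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "WWW-Authenticate: NTLM <challenge data here>\r\n"
    "\r\n"
)
PROXY_TO_CLIENT = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "Content-Length: 1539\r\n"
    "WWW-Authenticate: NTLM <challenge data here>\r\n"
    "Connection: close\r\n"
    "\r\n"
)

def parse_head(raw):
    """Return (http_version, status, headers); names lower-cased, values in lists."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    version, status = lines[0].split(" ", 2)[:2]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return version, int(status), headers

def is_persistent(version, headers):
    """HTTP/1.1 persists unless 'close' is listed; HTTP/1.0 only with 'keep-alive'."""
    tokens = {t.strip().lower()
              for v in headers.get("connection", []) for t in v.split(",")}
    if "close" in tokens:
        return False
    return version == "HTTP/1.1" or "keep-alive" in tokens

def check_hops(backend_raw, client_raw):
    """Compare the backend->proxy and proxy->client heads; return finding labels."""
    b_ver, _, b_hdr = parse_head(backend_raw)
    c_ver, c_status, c_hdr = parse_head(client_raw)
    findings = []
    b_keep, c_keep = is_persistent(b_ver, b_hdr), is_persistent(c_ver, c_hdr)
    if b_keep and not c_keep:
        findings.append("proxy-closed-frontend")
    ntlm = any(v.split(" ", 1)[0].upper() == "NTLM"
               for v in c_hdr.get("www-authenticate", []))
    if c_status == 401 and ntlm and not c_keep:
        findings.append("ntlm-challenge-on-closing-connection")
    return findings

if __name__ == "__main__":
    print(check_hops(BACKEND_TO_PROXY, PROXY_TO_CLIENT))
```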




