On 2011-08-18 11:26,Jeroen Geilman wrote: > On 2011-08-18 17:08, Edoardo Tirtarahardja wrote: >> Hi, >> >> I read from mod_proxy description in Apache 2.2 that the default worker >> does not use the HTTP Keep-Alive. >> >> Is there a way how to enable it for forward proxy configuration? > > You mean, from apache working as a forward proxy to the remote origin > server? > Can you imagine how bad that would be ? Well, this is a very isolated forward proxy within a very small test network. The reason is when I'm hitting our intranet site, it returns HTTP 403 as it requires NTLM authentication. However the apache forward proxy close the connection (TCP SYN) when delivering this HTTP 403 response to the client, causing the client to immediately display the HTTP 403. >From a computer that directly connected to our corp. LAN, I can see that if the TCP connection is kept alive, then the browser will re-send the request with NTLM authentication negotiation and then it works. I"m new in apache server, but I have done quite some google search and it seems apache does not have module to be NTLM proxy, i.e. perform NTLM auth. on the client behalf. The module for NTLM if I understand it correctly, is only to be used in reverse proxy or to authenticate the windows client. Then I put CNTLM proxy parent of apache proxy. While the authentication works, but to load the page takes considerably longer then the direct connection one (10 sec. as opposed ot 5 sec.) I can see that using direct connection, during the loading of the whole page, there are ~4 NTLM authentication negotiations. This is because the TCP connection are kept alive between requests. While using apache proxy (cascaded to NTLM proxy), I can see ~15 NTLM negotiations. This is because the apache proxy keeps closing the TCP toward the parent proxy at each request. >> I tried >> to set the 'keepalive' parameter in 'ProxyPass' directive it doesn't work. >> I think ProxyPass is more for reverse proxy, rather than forward proxy. > > As documented, ProxyPass is ONLY for reverse (i.e. known-origin) proxies. But also as documented, the worker ceated by 'ProxyPass' is *also* used by forward proxy. Is documentation wrong then? >> Setting it in 'Proxy' directive also doesn't work. >> >> Even I can make it work, those 'ProxyPass'& 'Proxy' requires an absolute >> URL, while I want to enable it for ALL request. > > Um. So use /. Thanks for the suggestion. But first I have to be able to create the worker that will keep the connection alive. I tried to create the worker using both 'Proxy' & 'ProxyPass' directive to a specific site, and it doesn't work. So if you know how to create a worker for forward proxy (or if possible change the default worker behaviour) so it performs HTTP Keep-Alive, please let me know. Thank you very much for your quick response. Cheers //Edo
begin:vcard fn:Edoardo Tirtarahardja n:Tirtarahardja;Edoardo org:Research In Motion Corporation adr:;;3000 CentreGreen Way;Cary;NC;27513;USA email;internet:etirtarahardja@xxxxxxx title:IOT Specialist tel;work:+1(919)677-4648 tel;fax:+1(919)677-4692 tel;cell:+1(919)802-3418 url:www.rim.com version:2.1 end:vcard
--------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|