On 9/9/2010 11:30 PM, Sander Temme wrote: > > On Sep 9, 2010, at 9:04 PM, Mike Schleif wrote: >>>> Run Apache 2.2.16 in front as reverse proxy, perhaps with mod_security to keep the stuff you don't want out? That would allow you to leave the Oracle stuff untouched.
>> >> Wow! Thank you for a clue. >> >> "Run Apache 2.2.16 in front as reverse proxy ..." >> >> What's that about? >> You'd install a recent version of Apache (2.2.16 being the latest at this time) on the machine, and run it on port 80 (or whatever the current Apache binds to; move the current one to a different port like 81). Then configure the front-end Apache to:
> > ProxyPass / http://localhost:81/ > ProxyPassReverse / http://localhost:81/ >> This way, clients will connect to the 2.2.16 on port 80, which will forward their requests to the older httpd.
>>> The reason my client's come to this is, whenever a Firefox browser initiates a session, the Apache service dies on Windows VM.
>>>> I've tried to identify the crash root cause; but, of course, nobody will help with Apache 1.3.12. Does that affect your recommendation?
>> Bummer. Hard to debug if you don't have debug symbols for the exact compile of the server, which I don't suppose Oracle would be able to produce for you. And then there would be very few on this planet who could interpret the dump.
>> If anything, this circumstance reinforces my recommendation. Apache 1.3 was never designed to run on Windows, and insofar that it did has never been more than an experiment. Apache 2.2 runs much better on Windows: the platform is considered a first class citizen.
>> Putting a more modern Apache in front of your old one will have it take care of the network traffic and deal with any client idiosyncrasies. And if a particular request or sequence makes your 1.3 backend die, the request will still be logged by the front-end. Newer Apache versions also have more elaborate logging capabilities for troubleshooting. This allows you to filter out the culprit requests using mod_security or something like that, or rewrite them to something that won't crash your 1.3.
>> You can also selectively proxy requests back, and eventually have everything served by the modern front-end. At that point you'd only pass the requests for the antiquated JServ stuff back to the 1.3.
> > S. Yes, very interesting idea. SSL: move all SSL to the new frontend? No SSL running on legacy web server? This could work. If ever I can be of service to you; contact me at once. I wish for you a truly extraordinary day ... -- Best Regards, Mike Schleif 612-235-6060 http://mdsresource.net http://www.linkedin.com/in/schleif http://facebook.com/MDSResource http://twitter.com/mikeschleif --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|