2011/2/18 Igor GaliÄ <i.galic@xxxxxxxxxxxxxx>: > ----- Original Message ----- >> httpd error log: >> client denied by server configuration: >> proxy:ajp://localhost:8009/geoserver/gwc/service/wms >> This happens under 'high' load only (pages usually display > How high? Are we talking high demand, or high CPU? Concurrent requests. If I fire off 10 requests, then say the 1st 4 respond OK, & then the following 6 fail with the 403 'Forbidden' There is 2Gb RAM on the server, of which more than 1/2 is still free (no swap used) so I don't believe is's load per se. (Load average stays low) >> fine...there's no specific bad URL here). > Interesting.. usually this is caused by configuration mistakes: > http://wiki.apache.org/httpd/ClientDeniedByServerConfiguration Yeah, thumbs pointed me to that doc, which is a nice summary of the on/off cases, but doesn't help with this concurrency issue... >> httpd snippet: >> ProxyPreserveHost on >> RewriteRule ^/geoserver/(.*)$ ajp://localhost:8009/geoserver/$1 [P] >> ProxyPassReverse /geoserver ajp://localhost:8009/geoserver/ > Why are you doing that? It doesn't make *any* sense. > Why not use > ProxyPass /geoserver/ ajp://localhost:8009/geoserver/ > ProxyPassReverse /geoserver ajp://localhost:8009/geoserver/ > See: http://wiki.apache.org/httpd/WhenNotToUseRewrite > And: http://www.apachetutor.org/admin/reverseproxies > Please change it accordingly, and see report back whether > it's still happening or not. ok, I'm using rewrite for other things so am in the habit of it, but yes, it provides no especial gain here. I tried disabling it - didn't seem to make much odds. What I am finding luck with is: disablereuse On This is easier to apply using the ProxyPass syntax (no need for the ProxySet method) >> Happens even with 'Allow from all' in proxy.conf (in fact nothing in >> that file makes any difference, presumably as it only affects Forward >> proxies. > You should probably delete that file. > Or see: > http://wiki.apache.org/httpd/DebianDeb0rkification No love lost, I see ;) Luckily the file is easily ignored for me :) >> Back-end is GeoServer in Tomcat 6 (exactly same thing happened with >> 5.5) on Debian Squeeze 64-bit & current Sun JVM. >> Nothing in the logs at the back-end, though, seems to be a problem >> with the Connector. >> Same thing whether or not using the 'APR based Apache Tomcat Native >> library 1.1.20' or not. >> I tried putting in a connectionTimeout into server.xml, but it makes >> no difference: >> <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" >> connectionTimeout="60000" /> >> Only web posts I've seen are the on/off conditions rather than >> erratic ones. >> Many thanks, for any suggestions :) > If all else fails, try using the HTTP connector. Yup, that's worth a try if I can't fix AJP ;) Thanks a lot, Fran. >> Fran. > -- > Igor GaliÄ > > Tel: +43 (0) 664 886 22 883 > Mail: i.galic@xxxxxxxxxxxxxx > URL: http://brainsware.org/ --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|