Bug 59935

Summary: apache 2.2 mod_proxy keepalive does not work with https backend and ProxyRemote *
Product: Apache httpd-2 Reporter: Jo Van Hoof <vanhoofjo>
Component: mod_proxyAssignee: Apache HTTPD Bugs Mailing List <bugs>
Severity: normal Keywords: MassUpdate
Priority: P2    
Version: 2.2-HEAD   
Target Milestone: ---   
Hardware: PC   
OS: Linux   

Description Jo Van Hoof 2016-08-03 11:33:41 UTC
we noticed in our current setup on apache 2.2 that a ProxyPass to a https backend with ProxyRemote * always create a new TCP connection when a new request arrives , although http keepalive is activated 

we also noticed this problem is resolved when we upgrade to apache 2.4 with the same setup

after some testing with a while bunch of different apache versions and patches we've discovered that r1227642 ( http://svn.apache.org/viewvc?view=revision&amp;revision=1227642 ) , which was put in branch 2.4 via r1227645 ( http://svn.apache.org/viewvc?view=revision&revision=1227645 ) seems to solve this keepalive problem in this particular config

we've tested following patch on a 2.2 (diff from 2.2-head)

--- proxy_util.c        2016-07-28 02:55:34.000000000 +0200
+++ proxy_util.c        2016-08-02 21:16:59.000000000 +0200
@@ -2183,19 +2183,17 @@
                            uri->fragment ? uri->fragment : "", NULL);
-     * Make sure that we pick the the correct and valid worker.
-     * If a single keepalive connection triggers different workers,
-     * then we have a problem (we don't select the correct one).
-     * Do an expensive check in this case, where we compare the
-     * the hostnames associated between the two.
+     * Figure out if our passed in proxy_conn_rec has a usable
+     * address cached.
-     * TODO: Handle this much better...
+     * TODO: Handle this much better...
+     *
+     * XXX: If generic workers are ever address-reusable, we need
+     *      to check host and port on the conn and be careful about
+     *      spilling the cached addr from the worker.
     if (!conn->hostname || !worker->is_address_reusable ||
-         worker->disablereuse ||
-         (r->connection->keepalives &&
-         (r->proxyreq == PROXYREQ_PROXY || r->proxyreq == PROXYREQ_REVERSE) &&
-         (strcasecmp(conn->hostname, uri->hostname) != 0) ) ) {
+         worker->disablereuse) {
         if (proxyname) {
             conn->hostname = apr_pstrdup(conn->pool, proxyname);
             conn->port = proxyport;

this patch seems to solve the keepalive issue on a 2.2, although i am not 100% sure if it will break other stuff, should this patch be committed to the 2.2-branch ?
Comment 1 William A. Rowe Jr. 2018-11-07 21:09:06 UTC
Please help us to refine our list of open and current defects; this is a mass update of old and inactive Bugzilla reports which reflect user error, already resolved defects, and still-existing defects in httpd.

As repeatedly announced, the Apache HTTP Server Project has discontinued all development and patch review of the 2.2.x series of releases. The final release 2.2.34 was published in July 2017, and no further evaluation of bug reports or security risks will be considered or published for 2.2.x releases. All reports older than 2.4.x have been updated to status RESOLVED/LATER; no further action is expected unless the report still applies to a current version of httpd.

If your report represented a question or confusion about how to use an httpd feature, an unexpected server behavior, problems building or installing httpd, or working with an external component (a third party module, browser etc.) we ask you to start by bringing your question to the User Support and Discussion mailing list, see [https://httpd.apache.org/lists.html#http-users] for details. Include a link to this Bugzilla report for completeness with your question.

If your report was clearly a defect in httpd or a feature request, we ask that you retest using a modern httpd release (2.4.33 or later) released in the past year. If it can be reproduced, please reopen this bug and change the Version field above to the httpd version you have reconfirmed with.

Your help in identifying defects or enhancements still applicable to the current httpd server software release is greatly appreciated.