httpd-wiki-changes mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Httpd Wiki] Update of "InternalDummyConnection" by JeffGodin
Date Tue, 07 Apr 2009 15:41:45 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The following page has been changed by JeffGodin:
http://wiki.apache.org/httpd/InternalDummyConnection

The comment on the change is:
added section on SSL considerations

------------------------------------------------------------------------------
  
  In 2.2.6 and earlier, in certain configurations, these requests may hit a heavy-weight dynamic
web page and cause unnecessary load on the server. You can avoid this by using mod_rewrite
to respond with a redirect when accessed with that specific User-Agent or IP address. 
  
+ === SSL Considerations ===
+ 
+ The internal dummy connections are not capable of speaking SSL. Thus, on servers with SSL
enabled, these requests may generate noise in the server error log similar to the following:
+ {{{
+ [info] [client ::1] Connection to child 6 established (server localhost:443)
+ [info] Seeding PRNG with 656 bytes of entropy
+ [info] [client ::1] SSL library error 1 in handshake (server localhost:443)
+ [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
protocol speaking not SSL to HTTPS port!?
+ [info] [client ::1] Connection closed to child 6 with abortive shutdown (server localhost:443)
+ }}}
+ 
+ You can work around this by ensuring that the last Listen directive in your server configuration
is not using SSL. In a typical setup, this would mean that "Listen 443" would come before
"Listen 80".
+ 
+ This workaround should cause the internal dummy connections to be made to the non-SSL port,
where you can optionally filter them out using the suggestions above.
+ 
+ In a future release, the server will attempt to connect to a non-SSL port by default. This
change has been committed to svn, but not yet released (as of this writing).
+ 
+ Please see [https://issues.apache.org/bugzilla/show_bug.cgi?id=39653 Bug 39653] for more
background.
+ 

Mime
View raw message