On Thursday 19 July 2012, Graham Leggett wrote: > On 19 Jul 2012, at 18:07, Tim Bannister <is...@jellybaby.net> wrote: > > On 19 Jul 2012, at 17:26, Nick Kew wrote: > > > > > >>> 2. Fixes to get Apache to drop the connection if it detects > >>> (during .htaccess lookup) that it would need to change the > >>> uid. > >> > >> > >> > >> Dropping the connection gratuitously breaks HTTP, and so has no > >> place in httpd (of course, a third-party module sets its own > >> rules). Would it need a core patch to return an Internal Server > >> Error (500)? > > > > > > > > Vanilla httpd does this all the timeā¦ after a timed-out > > keepalive. The client cannot make any assumptions about the > > configured timeout, and can't tell whether the dropped > > connection is due to a genuine timeout or a UID mismatch between > > the previous and current request. > > I would hate to have to troubleshoot this - two completely > independent behaviors, with the same symptom but completely > different cause. > > Nick is right, a 500 is the right thing to do here.
No, mpm itk only closes the connection if a keep-alive request would need to be processed with a different uid than the previous request on the same connection. I.e., it cannot happen for the first request on a connection (which would cause breakage). But dropping the conn for a keep-alive request is allowed, and there are other modules that do it in some cases (including mod_proxy and mpm_event).