> -----Original Message----- > From: Daniel Ruggeri > Sent: Donnerstag, 25. November 2010 16:20 > To: [email protected] > Subject: Re: Making mod_proxy_http more aware of SSL > > > > > The loggers get in error state automatically when you call > > ap_proxyerror with HTTP_INTERNAL_SERVER_ERROR. No need to > do it manually. > > > > Regards > > > > Rüdiger > > > > The request goes into error state - that has never been the > problem (502 > is correct here). The real issue is that the proxy worker that served > the request does not. In a load balancing situation this > means that the > backend with broken SSL will stay in service and every other request > will send a 502 back to the user (for a 2 node round-robin > type of load > balancing). If I'm not explaining it well enough, have a look > at PR50332 > for a quick overview to duplicate the issue. > > With this patch, the backend worker is put into error state and is > subject to normal recovery attempts. In other words, one > request fails > and a 502 is returned but subsequent requests are correctly > sent to the > other backend until the error interval has expired and the > first backend > is retried. IMO, SSL handshake failures should be detected during > connection so we could attempt another backend but I am not > sure that's > possible.
Hence you should return a 500 as this signals the mod_proxy code that the backend is broken and should be put in error state. A 502 does not put the backend in error state (as you found out). Regards Rüdiger
