Hi Lukas,

On Mon, Apr 25, 2016 at 07:29:26PM +0200, Lukas Tribus wrote:
> You are saying force closing the session in the middle of a response leading
> to a truncated response and forcing the client to do the request all over
> again is something you would consider for your production environment?

Absolutely, all of this does not make any sense (at least presented
like this).

> >With that in mind, it's not overly uncommon behaviour. nginx for
> >example has keepalive_timeout to facilitate the behaviour I'm looking
> >for here
> 
> I think your understanding of what nginx does is flawed.
> 
> First of all nginx won't drop an active session (while a response is in
> flight), so unless all of those responses are very short-lived and all
> clients are fast, the transaction may endure long enough to hit your
> firewall thresholds.
> 
> The other thing is just because the server transmits a FIN, doesn't mean the
> client can't send another request.
> 
> 
> What I'm saying is, you cannot guarantee on the HTTP level that a session
> will be closed after a certain amount of time.

For sure!

I was told that IIS supports something nice which is the ability to stop
doing keep-alive after a certain amount of requests or a certain duration.
The goal (as I was told) was to ensure that TLS connections would be
renewed from time to time, and maybe to ensure that any thread or process
handling these requests would be renewed after some time, in order to
limit the impact of possible memory leaks in bogus applications.

Also while this can make sense on the application server to force some
process/threads to stop serving new requests after some time, it is
useless on a proxy or load balancer which is isolated from such components.

Regards,
Willy

