Jeffrey Burgoyne wrote:

1) SSL proxying. Due to security policies, we have a number of back end
app servers that require SSL from the client to the server. Therefore SSL
based proxying is a requirement. I have never seen a definitive statement
as to whether SSL proxying is supported, but I've seen indications it is
not, and confirmed in my tests that it did not work. Is there any plans to
implement this feature?

If it doesn't work now, it is definitely desirable to make it work.

The v2.0 mod_proxy talks to the backend servers using the standard filter stack, so making it talk SSL to the backend should be as straightforward as adding the right filters to the stack at the right time under the right circumstances.

If you're willing to submit code for this, I will definitely support getting this into v2.0 (not only v2.2).

2) Timeout Directive. I tried using this with the test suite that I used
for my mod_proxy changes, and did not get the intended results. For
example, I wrote a cgi that wais 30 seconds before passing back a
response, and set the timeout to 10 seconds. On my version the proxy would
give up after 10 seconds of no data transfer. This did not happen with the
2.X timeout. Can someone give a better explanation of what this timeout
handles and whether I possibly made a configuration mistake.

As I recall, the timeout directive handles the timeout after a connection has been established - this definitely would need to be looked at if it's not working properly.

3) Monitoring. My proxy changes wrote out a customize log entry upon
failure. I then wrote a program which analyzed this log in real time and
sent out warnings on configurable intervals when configurable thresholds
were breached. Assuming I can get 1 and 2 sorted out, I'd be willing to
work on this third item as an enhancement to mod_proxy.

This is also something really useful - please submit the patch :)

Regards,
Graham
--

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature



Reply via email to