Jeffrey Burgoyne wrote:
1) SSL proxying. Due to security policies, we have a number of back end app servers that require SSL from the client to the server. Therefore SSL based proxying is a requirement. I have never seen a definitive statement as to whether SSL proxying is supported, but I've seen indications it is not, and confirmed in my tests that it did not work. Is there any plans to implement this feature?
If it doesn't work now, it is definitely desirable to make it work.
The v2.0 mod_proxy talks to the backend servers using the standard filter stack, so making it talk SSL to the backend should be as straightforward as adding the right filters to the stack at the right time under the right circumstances.
If you're willing to submit code for this, I will definitely support getting this into v2.0 (not only v2.2).
2) Timeout Directive. I tried using this with the test suite that I used for my mod_proxy changes, and did not get the intended results. For example, I wrote a cgi that wais 30 seconds before passing back a response, and set the timeout to 10 seconds. On my version the proxy would give up after 10 seconds of no data transfer. This did not happen with the 2.X timeout. Can someone give a better explanation of what this timeout handles and whether I possibly made a configuration mistake.
As I recall, the timeout directive handles the timeout after a connection has been established - this definitely would need to be looked at if it's not working properly.
3) Monitoring. My proxy changes wrote out a customize log entry upon failure. I then wrote a program which analyzed this log in real time and sent out warnings on configurable intervals when configurable thresholds were breached. Assuming I can get 1 and 2 sorted out, I'd be willing to work on this third item as an enhancement to mod_proxy.
This is also something really useful - please submit the patch :)
Regards, Graham --
smime.p7s
Description: S/MIME Cryptographic Signature